Boosting America's digital defense: Key takeaways from the FY 2026 budget priorities
Ahead of the new US federal fiscal year beginning October 1, the Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) released a memorandum titled Administration Cybersecurity Priorities for the FY 2026 Budget. The memo outlines a comprehensive roadmap for federal agencies and provides crucial guidance for agency heads as they formulate their fiscal year 2026 budget submissions in furtherance of the National Cybersecurity Strategy.
Cybersecurity priorities and initiatives for government
Zero Trust architecture implementation
One of the most significant directives in the memo is its emphasis on Zero Trust architecture. The memo requires agencies to submit updated Zero Trust implementation plans within 120 days. These plans must encompass all information systems and document current and target maturity levels for high-value assets and high-impact systems. This initiative aims to modernize federal defenses and strengthen the government's overall cybersecurity stance.
Improving baseline cybersecurity requirements
The memorandum emphasizes the need for regulatory agencies to establish minimum cybersecurity requirements for critical infrastructure sectors. Agencies are encouraged to consult with regulated entities to create baseline requirements that are both broadly applicable and adaptable to evolving threats.
Open source software security
Recognizing the vital importance of open source software, the memo calls for federal agencies to ensure its secure use and contribute to maintaining open source code. Agencies are encouraged to integrate open source into their IT and cybersecurity governance structures.
Countering cybercrime and threat actors
The memo directs agencies involved in disrupting threat actors to prioritize resources for investigating cybercrimes, dismantling ransomware infrastructure, and combating the abuse of virtual currency.
Strengthening the cyber workforce
Addressing the challenges in hiring cyber professionals, the document calls for agencies to support the implementation of the National Cyber Workforce and Education Strategy (NCWES). This includes adopting skills-based hiring practices and removing barriers to entry for diverse talent.
Preparing for post-quantum cryptography
The memo directs departments and agencies to refine cost estimates for transitioning their most critical and sensitive networks and systems to quantum-resistant cryptography. This proactive approach aims to address potential future threats posed by quantum computing.
Scaling public-private collaboration
With upwards of 80% of critical infrastructure being run and managed by the private sector, it is imperative that industry and government are linked closely. The document emphasizes the importance of scaling public-private collaboration, particularly in defending critical infrastructure, such as energy systems, financial institutions, telecommunications, and emergency services. The memo calls for Sector Risk Management Agencies (SRMAs) to prioritize building capacity and mechanisms to manage risks in their respective sectors, strengthening collaboration to defend critical infrastructure.
Impact on federal cybersecurity efforts
The emphasis on Zero Trust architecture implementation signals a shift in how federal agencies approach cybersecurity. This model assumes no implicit trust in any single element of a network and requires continuous verification of every user, device, and transaction.
The focus on workforce development and open source software security demonstrates an understanding of the evolving nature of cybersecurity challenges. By addressing these areas, the government aims to build a more robust and adaptable cybersecurity ecosystem.
A starting point for a unified cyber strategy
Before agency leaders begin to carve out a budget for new cybersecurity technology, it’s worth considering how many of these priorities can be met by as few solutions as possible, thereby reducing tool sprawl, training, and disconnected data.
Many government agencies are already using Elastic Security for threat hunting, endpoint protection, security analytics, and more. In addition, Elastic is serving as a vital unified data layer that connects the pillars of their Zero Trust architecture in order to achieve holistic visibility.
Elastic’s open, collaborative approach leverages the power of community to detect and remediate threats. And because Elastic Security is built on the Elastic Search AI Platform, agencies can leverage integrated AI and ML capabilities to detect threats, automate triage, accelerate incident management and root cause analysis, and better understand problems and remedies.
Overall, this memorandum sets a clear direction for federal agencies' cybersecurity efforts, emphasizing modernization, collaboration, and proactive risk management. As agencies align their budget submissions with these priorities, we can expect to see a more coordinated and robust federal cybersecurity posture in the coming years.
The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.