Nearly 85% of the CFO Act agency chief information officers left over the last 12 months. The turnover across the community is unprecedented.
But, generally speaking, federal technology and cybersecurity policy coming from the Trump administration has been relatively modest in calendar year 2025.
For a change, federal acquisition dominated the news cycle from the overhaul of the Federal Acquisition Regulations to the Senate confirmation of Kevin Rhodes to be the administrator of the Office of Federal Procurement Policy to the General Services Administration’s OneGov enterprise contract initiative and increased scrutiny of consulting contractors and value-added resellers.
With so much going on across the federal sector, Federal News Network asked a panel of former federal executives for their opinions about 2025 and what federal IT and acquisition storylines stood out over the last 12 months.
The panelists are:
Jonathan Alboum, federal chief technology officer for ServiceNow and former Agriculture Department CIO.
Melvin Brown, vice president and chief growth officer at CANI and a former deputy CIO at the Office of Personnel Management.
Matthew Cornelius, managing director at Workday and former OMB and Senate staff member.
Kevin Cummins, a partner with the Franklin Square Group and former Senate staff member.
Michael Derrios, the new executive director of the Greg and Camille Baroni Center for Government Contracting at the George Mason University and former State Department senior procurement executive.
Julie Dunne, a principal with Monument Advocacy and former commissioner of GSA’s Federal Acquisition Service.
Mike Hettinger, founding principal of Hettinger Strategy Group and former House staff member.
Nancy Sieger, a partner at Guidehouse Financial Services Sector and a former IRS CIO.
Here are the 2024, 2023 and 2022 year in reviews as well, in case you were interested in comparing previous responses.
What are two specific accomplishments in 2025 within the federal IT and/or acquisition community? Please offer details about those accomplishments and why you thought they had an impact and what changes they brought.
MC: The administration’s concerted push to work more directly with commercial-off-the-shelf software leaders is one of the most significant changes in the federal acquisition landscape in a long time. Not only have these steps reduced costs, but direct relationships between enterprise software leaders and government customers has led to less confusion about product roadmaps and capability assessments, while providing opportunities for the government and American’s leading tech companies to solve problems in a collaborative way that improves both mission readiness and global competitiveness.
Matthew Cornelius is the managing director at Workday and former OMB and Senate staff member.
The Department of Energy became the first cabinet-level agency in the history of the U.S government to go live on a true human capital management software-as-a-service (SaaS) solution. This is an historic step forward for human resources transformation and showcases the ability of leading commercial SaaS solutions to meet stringent federal security and functional requirements at scale that will transform mission readiness for DoE and its agency peers.
MB: AI moved from “policy talk” to governed buying. OMB issued two major April memos that together pushed agencies from experimentation toward repeatable governance and acquisition patterns — what must be documented, who must be involved, and what vendors must provide. Why it mattered for acquisition is because it’s a forcing function for standard solicitation language, evaluation factors, data rights/lock-in protections, privacy involvement and risk controls in AI buys.
The late-2025 “AI procurement guardrails” conversation got louder, especially for large language model (LLM) providers. By December 2025, reporting highlighted OMB procurement guardrails focused on what agencies should demand when buying AI tools, including large language models, and set near-term timelines for agencies to update acquisition policies. Why it mattered is it signaled that LLM procurement is being treated as a special class of risk/assurance problem — not just another software buy.
KC: The FAR rewrite and FedRAMP 20x initiatives made a lot of progress. While the impact of the FAR overhaul and FedRAMP changes may not be felt immediately, these changes should make it easier for agencies to acquire technologies to better meet their missions. FedRAMP’s purpose is to accelerate cloud adoption, but it has become a barrier for commercial cloud companies that want to work with agencies. Even when agencies do have access to FedRAMP’ed cloud solutions, they tend to lag behind the latest versions sold to commercial customers due to the cost and time it takes to get authorizations to operate (ATOs).
MH: The GSA OneGov initiative stands out as one of the more significant things to have happened in federal IT and procurement this year, with more to come as we go into 2026. What started out as just a handful of companies participating has grown into something more significant with 15 OneGov deals having been announced and while we maybe haven’t yet seen the full extent of what it can do in terms of changing buying and selling habits, I suspect we will see those changes as we go into next year. The FAR overhaul is another significant and related piece of this puzzle, which we will again begin to see more from in the next year.
JD: Revolutionary FAR overhaul (RFO) and OneGov activities
NS: I’m watching closely how agencies move from basic zero trust architecture (ZTA) compliance to operationalizing mature, integrated zero trust capabilities across all five pillars: identity, devices, networks, applications and data. The 2025 accomplishments in zero trust adoption created a foundation. In 2026, it will become clearer which agencies can achieve the cultural transformation and cross-domain integration that true zero trust requires.
The real change this brought was cultural. IT professionals moved from viewing zero trust as a security mandate to recognizing it as an enabler of hybrid work and cloud adoption. This shift helped agencies reduce attack surface across government networks and establish replicable patterns that smaller agencies could follow, expanding access to advanced security capabilities across the federal enterprise.
In 2025, the federal government moved beyond AI policy development to actual governance implementation. OMB’s updated guidance, combined with agency-level chief AI officers and cross-functional AI governance boards, created accountability structures that didn’t exist before. What impressed me most was how Treasury and IRS established AI testing and validation protocols that balanced innovation with responsible use.
This brought tangible changes; agencies now have repeatable processes for AI risk assessment, bias testing and human oversight integration. It shifted the conversation from “should we use AI?” to “how do we use AI responsibly?” enabling mission delivery while maintaining public trust.
JA: 2025 was the year of agencies moving beyond AI pilot programs and onto large-scale deployment. As AI became embedded in day-to-day operations, it quickly became clear that success hinges on strong foundations — like high data quality, governance and scalable infrastructure. Agencies that invested in these core building blocks moved toward more sustainable and responsible AI implementations. The result was greater confidence in AI outcomes, improved interoperability and a clearer path for long-term innovation across government.
This shift in priorities is already delivering tangible results. One agency I worked with this past year consolidated 47 intake channels and five legacy platforms into a single system of record, improving data collection efficiency by 80%. By unifying data and workflows, the agency created a strong foundation for scaling AI across the mission and driving measurable outcomes.
This year also brought renewed momentum to enterprise acquisitions. Initiatives like GSA’s OneGov enabled agencies to move away from fragmented purchasing and toward coordinated, enterprisewide agreements. These agreements reduced friction, improved visibility and delivered better value for taxpayers, reflecting the growing demand for simpler access to modern IT solutions. Together, these changes signaled a cultural shift in federal AI adoption — one that prioritizes speed, collaboration and measurable outcomes over complexity.
MD: I think the most significant accomplishment is DoD’s launch of CMMC 2.0 because of how it will shape acquisition strategy, contracting practice and supply-chain resilience across the federal enterprise. As I said in a recent white paper on the subject, the acquisition impact of CMMC is systemic because it will influence how agencies define capable sources, how solicitations are written, how proposals are evaluated and how performance is monitored. Certification is now a qualification threshold for industry and a practical tool for risk reduction in government agencies. But it will also be a costly investment, especially for small businesses. However, I also think civilian federal agencies will eventually look to adopt portions of CMMC at some point, so it behooves any contractor looking to do business with the federal government to explore getting certified at the right time depending on where they’re at in their life cycle.
What technology, acquisition initiative or program surprised you based on how much progress it made or how the pieces and parts came together and why?
MB: FedRAMP tried to become faster and more outcome-oriented through its 20x pilot. GSA launched FedRAMP 20x in March 2025 and continued publishing implementation updates and pilot details through 2025. Separately, GSA reported record authorization pace in 2025 and linked progress to the shift toward modernization, including the 20x pilot. Why it mattered for acquisition is agencies and vendors saw real pressure to reduce authorization friction and move toward automation-based validation and a “security over paperwork” posture, as described in FedRAMP’s own updates.
DoD cybersecurity requirements for contractors hit a concrete implementation runway through the Cybersecurity Maturity Model Certification (CMMC) program. DoD’s CMMC implementation began Phase 1 in November with a multi-phase rollout plan over three years, as described by the DoD CIO and reflected in associated rulemaking discussion. Why it mattered is it moved CMMC from “coming soon” into real solicitation/award gating, changing competitive dynamics for federal suppliers supporting defense programs.
NS: What genuinely surprised me in 2025 was the bold reimagining of FedRAMP through the “FedRAMP 20x” initiative. After more than a decade of incremental changes, GSA’s new leadership assembled a federal technical team of security experts, platform engineers, and data scientists who fundamentally redesigned the authorization framework to be cloud-native and automation-driven with continuous security validation.
Nancy Sieger is a partner at Guidehouse Financial Services Sector and a former IRS CIO.
In my federal agency CIO role, I thought for years the FedRAMP authorization processes were bureaucratic and slow-moving, yet in 2025 the program demonstrated that radical transformation was possible. From Guidehouse’s perspective, what made this remarkable was the cultural shift toward transparency and genuine stakeholder collaboration. This demonstrated that even deeply entrenched federal compliance programs can evolve rapidly when there’s bold leadership, technical expertise and willingness to rethink established processes rather than just optimize them.
KC: The Department of Government Efficiency (DOGE) was surprising in almost every way and was far more impactful than I expected, even if some of its initial claims about government savings were overstated.
MC: I have been incredibly impressed with the reorganization across GSA’s key federal acquisition programs. Elevating the importance, competence, criticality and talent within GSA to drive true consolidation, efficiency, cost savings and standardization across the governmentwide technology procurement landscape has been a long overdue effort that has already delivered enormous outcomes. I’m not surprised that this has been successful, more so just heartened to see the pivot back to bolstering and strengthening GSA’s ability to be the true innovator and key negotiator in the federal technology acquisition landscape as a worthy and worthwhile sign of confidence in this vital agency.
MH: I was pleased to see progress made related to implementation of the Government Service Delivery Improvement Act, which was signed into law in January 2025. While there’s still a way to go toward full implementation, the federal CIO has been designated as the federal service delivery lead as required by the law, and the requirements of GSDIA were incorporated into the annual Circular A-11, Section 280 update, meaning agencies should account for the requirements of GSDIA in their fiscal 2027 budgets. Once we get the agency high impact service providers (HISP) service delivery leads in place, which should happen early next year, GSDIA, working together with 21st Century IDEA and a host of administration policies, should serve to accelerate the path to better, more efficient customer experience.
JD: The revolutionary FAR overhaul (RFO) was a huge effort to publish all the FAR model deviation text by the end of the fiscal year (Sept 30). The FAR Council and the GSA team deserve a lot of credit for getting that done.
The OneGov strategy was announced in April 2025. By the end of the year, GSA had announced 15 agreements. It’s unclear at this point how much agencies are able to leverage these agreements, but it’s impressive that GSA put together that group of agreements over the course of eight months. I’m sure there are more announcements to come.
JA: This year, it became clear that AI cannot scale securely without zero trust. I was struck by how quickly AI governance converged into a shared, nonnegotiable priority. As more agencies deployed AI, cybersecurity risks became impossible to ignore. Zero trust shifted from policy guidance to an operational must, forcing agencies to rethink both their architecture and procurement strategies as they work toward the 2027 mandate.
MD: I’m a bit biased on this one but I’m going to have to say State’s Evolve program. The request for proposals was issued three years ago in December 2022, and given the sheer complexity of the technical program and contract structure, a two-step advisory down select process associated with the highest number of proposals State has ever managed at one time, along with the ambitious size of the award pools, the fact that the department was able to start making contract awards this summer was a tremendous accomplishment.
What emerged as the biggest technology/acquisition challenge of 2025 that will have an impact into 2026 and beyond?
KC: Secretary of Defense Pete Hegseth has acknowledged that “our acquisition system is only as good as our workforce.” Yet we saw many experienced contracting officers leave the federal government in 2025 through the Deferred Resignation Program (DRP), Voluntary Early Retirement Authority (VERA) and other attrition. We also lost many of the newer, more tech-savvy feds who had been hired into places like the Cybersecurity and Infrastructure Security Agency (CISA) and GSA’s Technology Transformation Service (TTS). That will make it harder to successfully modernize government in 2026 and beyond. While some flashy, high-priority procurements may still speed along, more mundane federal IT upgrades will likely suffer.
MC: One of the key provisions of the FedRAMP Authorization Act was around collapsing and consolidating various security assessment frameworks to achieve greater reciprocity between agencies and create scale for critical technologies that can truly serve foundational missions in any agency. While much of the effort (rightly so) has been on automation and streamlining the authorization process so more innovative solutions can enter the federal market, for the “big bets” the administration is making on foundational infrastructure and platforms across both civilian and defense sectors, seeing how OMB (and GSA, DOD, etc.) better collaborate and consolidate on accreditation priorities and processes to speed reciprocity and time to value for these key investments should be a paramount priority.
JA: Growing complexity is a technology and acquisition trend that shows no signs of slowing. Agencies are trying to navigate AI adoption, massive amounts of data, cybersecurity mandates, procurement reform and workforce changes, all while delivering mission-critical outcomes.
Without strong governance, we risk repeating past mistakes like technology sprawl, duplication, and unmanaged threats — only at a much larger scale and with greater negative consequences. Moving into 2026, success will be defined less by the launch of new initiatives, and more by the ability to govern technology investments to deliver sustained value. The administration’s PMA objective to “eliminate data silos and duplicative data collection” will help.
MB: Late 2025 reporting described Pentagon efforts aimed at rapidly scaling small drone procurement and using competitive approaches to accelerate production—explicitly framed as overcoming traditional procurement friction. Why it mattered is it’s a visible example of the broader push to shorten cycles, broaden vendor bases, and buy more like the commercial market — especially for fast-evolving tech.
Melvin Brown is the vice president and chief growth officer at CANI and a former deputy CIO at the Office of Personnel Management.
MH: The personnel and related budget cuts that happened as a result of DOGE have been and will continue to be the greatest challenge as agencies look to prioritize IT modernization, but without a full staff and in many cases smaller budgets. While I feel we are on the backside of the cuts, the challenges associated with this will carry forward into 2026 as we look to rebuild our IT personnel and budgets.
JD: The acquisition workforce has been working through a lot of change this year from the RFO to reductions in force and retirements. We ask a lot of these folks so as we move into the new year, I hope these folks are given the tools and leadership support to drive forward with important initiatives like the RFO, buying commercial and expanding the industrial base. There will be a lot of uncertainty ahead, especially as agencies issue their supplements under the RFO process and they work through another uncertain appropriations process.
NS: DOGE’s push to consolidate IT infrastructure, eliminate redundant systems and mandate shared services will reach critical implementation phases in 2026. I’m watching whether the one-size-fits-all efficiency model can accommodate mission-specific requirements, particularly in national security, law enforcement and regulatory agencies.
The consolidation becomes more acute as consolidation efforts move beyond transactional systems and into complex operational environments such as cybersecurity operations centers, cloud platforms and data centers. These environments are tightly coupled with mission delivery. Bureaus such as the IRS have legitimate mission-specific technology requirements that commodity shared services may not address.
Potential trade-offs of the shared-services centralization that will need to be well designed may be first, impacts to agency/bureau agility both in timelines and innovation, as one-size-fits-all may not work with unique mission needs. Another trade-off is the concentration of risk to a single point; resiliency will be key! Lastly, I’ll say the distance from the customer and potential additional bureaucracy in governance with cross-agency coordination will need to be carefully managed to not suppress time to market on changes and innovation.
MD: In my opinion, the biggest technology/acquisition challenge has (and will be) the rush to adopt and use AI to support federal missions. While there is significant upside to leveraging AI in the government space, there still seems to be a readiness gap in terms of appropriate governance, well-defined use cases, proper training and workforce preparedness, the availability of clean data and policy ambiguity. These issues need to be addressed as agencies are testing out AI to ensure the adoption of new tools does not exacerbate existing friction or result in throwing money at problems by addressing symptoms versus the root causes.
The post Acquisition more than IT drove the news in 2025 first appeared on Federal News Network.