If you develop or sell commercial-off-the-shelf (COTS) technology that ends up in Department of Defense (DoD) environments, there’s a new bar you have to clear. Katie Arrington, the acting DoD CIO has issued a new memo that directly impacts how you manage your software supply chain, and it’s going to change how COTS vendors prepare for procurement.

As the need for innovative artificial intelligence grows, regulatory bodies are working quickly to create frameworks that balance acceleration with safety, accountability, and trust. Notably, the European Union’s AI Act is poised to reshape how organizations approach AI governance, especially when it comes to general-purpose AI (GPAI) models.

This signals document reviews the current state of software security initiatives in the federal government and the Department of Defense (DoD), highlighting key programs and policies aimed at enhancing cybersecurity. This includes the recent Executive Order 14306 (signed on June 6th), the DoD’s new Software Fast Track (SWFT), and SSDF and associated CISA attestations under the Biden Administration, part of which were rescinded via Executive Order 14144.

The global push to both regulate and strategically accelerate the development of artificial intelligence (AI) has gained momentum over the past year, resulting in a diverse landscape of evolving frameworks, policies, and executive directives. In the United States, this dual focus on oversight and innovation has translated into a series of executive orders and formal federal AI governance initiatives.

The FedRAMP 20x pilot marks the most significant shift in federal cloud security in over a decade. Launched in May 2025, the program aims to modernize the authorization process by emphasizing speed, automation, and real-time security validation. For organizations pursuing Low Baseline authorization, the 20x path offers a faster, more efficient entry point into the federal market.

Have you read the recently released America’s AI Action Plan yet? If so, you know that it’s full of ambitious goals to strengthen the country’s leadership in artificial intelligence. For me, one part in particular stood out immediately, the White House issued a clear call to action to the data center industry.

Organizations seeking to work with the US government today must navigate a growing array of compliance requirements. Among the most prominent security frameworks are the Cybersecurity Maturity Model Certification (CMMC) and Federal Risk and Authorization Management Program (FedRAMP), each playing a critical role in securing federal information and systems.

As the EU's digital landscape evolves, so does its regulatory environment. With the NIS2 Directive, the Cyber Resilience Act (CRA), and the Digital Operational Resilience Act (DORA) all advancing on different timelines, organizations must prepare for a complex yet increasingly harmonized set of cybersecurity and resilience expectations.