State Department makes multiple awards under $10B IT program

Last week, the Department of State announced nearly 50 indefinite delivery, indefinite quantity awards under its Evolve program, which is aimed at IT modernization.

In a notice posted to SAM.gov, the department said 28 contractors had received awards spanning five function categories for services related to IT management, cloud and data centers, application development, network and telecommunications, and end user support. The contract has a ceiling of $10 billion and a base period of one year plus six one-year option periods. 

Of all the categories, cloud and data center services and application development had the most awardees, with 14 and 13 respectively. Leidos and Science Applications International Corporation (SAIC) had the highest number of awards across the categories, winning four contracts each.

“The Department of State Bureau of Global Acquisitions is pleased to announce the award of multiple Indefinite Delivery Indefinite Quantity contracts under the EVOLVE program, advancing our leadership in IT modernization across our global mission,” a State Department spokesperson said in an emailed statement Tuesday. 

They added: “Kudos to all the government employees and contractor support staff who contributed to the EVOLVE procurement. This has been—and continues to be—a true team effort.”

The department began the search for contractors under Evolve in 2022 as an answer to its IT contracting needs. At the time, State said it made the decision to pursue the solicitation after determining alternatives, such as recompeting current contracts and using existing governmentwide acquisition vehicles, wouldn’t be feasible. Recompeting would lead to vendor lock-in and existing contracts wouldn’t encompass its unique global mission, it found.

Since then, the process has lingered. Over a year ago, the government provided an update on the original notice that it anticipated “issuing awards on a rolling basis over the next 60 to 90 days by functional category.” Awards and challenges to those decisions soon followed. Per the Federal Procurement Data System, nearly two dozen awards matching that solicitation ID have already been made. Several bid protests filed with the Government Accountability Office have now been withdrawn or dismissed.

The State Department didn’t provide comment before publication of this story.

The awardees and the number of awards each received are:

This story was updated Feb. 24 to add a comment from the Department of State.

House passes bill to scrap education requirements from federal contracting jobs

A pullback of educational requirements for federal contracting jobs, including in technology work, moved one step closer to reality Monday.

The Skills-Based Federal Contracting Act (H.R. 5235) sailed through the House and now awaits Senate consideration. The bill from Reps. Nancy Mace, R-S.C., and Raja Krishnamoorthi, D-Ill., would ban minimum education requirements for personnel in some contracts. 

Introducing the bill on the House floor ahead of Monday’s vote, Rep. William Timmons, R-S.C., said the legislation ensures federal contractors can “hire who they want to hire without additional red tape.”

“We should not prohibit those with the right technical skills from performing federal contract work just because they lack a traditional degree,” Timmons said, “and the companies who employ them, those that offer apprenticeships and engage in skills-based hiring, should be encouraged to compete for government contracts, not be excluded from competition.”

Mace, who chairs the House Oversight and Government Reform Subcommittee on Cybersecurity, Information Technology, and Government Innovation, recounted January 2024 testimony from an IBM executive who said “federal contractors are rarely able to place an individual without a four-year degree on a technology services contract, regardless of their qualifications.”

Mace said the issue goes “beyond technology and service contracts,” affecting work across the federal government. Eliminating four-year degree requirements would do away with “a paper ceiling” that blocks “talented Americans” from pursuing opportunities in the billion-dollar industry that “shapes the entire labor market,” she said.   

“When we embed unnecessary degree requirements into federal contracting solicitations, we’re not just making a hiring decision; we’re sending a signal to the entire economy [that] a college diploma is a prerequisite for economic opportunity,” said Mace, noting that Meta CEO Mark Zuckerberg, Oracle co-founder Larry Ellison and Apple co-founder Steve Jobs didn’t finish college.

Under the bill, minimum education requirements for contractors would be barred, though if a contracting officer believes its needs cannot be met without those standards, they could submit a written justification within the solicitation that explains “how the requirement ensures the needs are met.”

The Office of Management and Budget would be required to issue guidance to agencies for the change in policy within 180 days of the law’s enactment. And the Government Accountability Office would be tasked with submitting a report to Congress on the implementation of the amended rules within three years of the law going into effect.

Both Mace and Rep. Suhas Subramanyam, D-Va., said the bill isn’t intended to diminish the value of a college education, and there will still be instances in which one is required. “For example,” Mace said, “we expect a doctor to have a medical degree, but only a small fraction of federal contract work falls into these types of categories.”

But “too often,” Subramanyam noted, “federal agencies put unnecessary degree requirements on contractor positions, and these unnecessary requirements hurt a lot of people, because more than 77% of Americans over 25 don’t have a bachelor’s degree, but many of those individuals have skills training and knowledge to support our agencies and serve the American people, and we shouldn’t block them from those opportunities.”

Mace has also pushed for the rollback of educational requirements in federal cybersecurity jobs. The South Carolina Republican told FedScoop after the January 2024 House Oversight hearing that four-year degree requirements are “clearly hindering our ability to meet the demands that we have in the tech, cyber and innovation AI space.”

Energy Department to present early iteration of Genesis Mission platform this year

The Department of Energy is rapidly building out multidisciplinary teams to support the Genesis Mission as it prepares to unveil a minimum viable product later this year, according to a senior agency official. The format for the demonstration is to be determined, but progress is palpable.

“We’re going to show quite a lot of results this year,” Darío Gil, DOE’s under secretary for science and director of the Genesis Mission, said in an interview with FedScoop. “We’re going to show results on our progress of building AI supercomputers … the software and the agentic framework.”

The agency also plans to showcase the efforts behind the data curation used to train “next generation” AI and the results tied to the application of AI in science and engineering, he added. 

The Genesis Mission launched in November 2025 by way of an executive order that tasked the Energy Department with leading a national, coordinated effort to accelerate innovation and discovery with the latest advancements in AI, quantum and high-performance computing. As part of the initiative, the agency is working to build an integrated platform that draws on federal scientific datasets and expertise from public and private sectors. 

A demonstration of the Genesis platform’s initial capabilities is required by mid-year, according to the deadlines outlined in the presidential directive. Even sooner — by the end of March — the Energy secretary will need to lay out plans for a risk-based cybersecurity strategy that will protect the datasets powering the platform. 

“We know how capable AI-driven cyberattacks will be, and that’s why from day one in everything that we do, we have a red-team, blue-team element to it,” Gil said. “In the demos that the teams were showing me [last Thursday], it was already a built-in thing.”

The teams simulate AI attacks to test defenses, then they iterate based on lessons learned. 

“We’re going to use the most powerful AI network to attack ourselves, and we’re going to use the most powerful AI to defend ourselves,” Gil said. 

The teams are also thinking through security broadly, from information sharing to counterintelligence. 

Looking ahead, Gil wants to quickly assemble teams of stakeholders from the national labs, academia, tech industry and philanthropic organizations. These teams will be informed by responses to the Energy Department’s request for information that closes next week. 

As the second quarter grows closer, Gil expects there will be updates on the agency’s physical infrastructure progress. 

“There are thematic, big milestones by month, but they tend to be more than one thing,” Gil said. “Because we have to keep executing while still expanding the pipeline.”

The role of AI

AI is a big part of the Genesis Mission, but it’s not everything. 

“Sometimes it’s overly centric on the AI,” Gil said of coverage and discussion of the Genesis Mission. “The part that people don’t appreciate is that it’s AI for something — for science, for engineering. Sometimes it just gets reduced.”

Internally at the Energy Department, Gil said they’ve made it a point to decenter AI from the work and, instead, focus on the specialty of the lab or person or organization. 

“We’re not saying, ‘Hey, folks in high energy physics, the most important thing in the world is AI, do AI,’” Gil explained. “What we’re asking is to take AI very seriously as in what it means to your discipline and your area.”

The framing of AI as a solution to a problem, rather than the goal in and of itself, has contributed to higher levels of team enthusiasm and engagement, according to the energy official.

“That’s the reason it has resonated,” Gil said. “Otherwise, people will be like, ‘That’s not my cup of tea.’”

AI, he added, is just the newest instrument that researchers should leverage in their workflows. 

“It is a story that puts the science and the engineering first, as the foundation of our mission,” Gil said. “It puts our people, our institutions — meaning our laboratories — first, but we recognize that science and engineering are going to be forever transformed because of what’s unfolding.”

The leadership strategy 

As director of the Genesis Mission, Gil said his leadership strategy hinges on four dimensions: mission, team, infrastructure, budget. 

“When you list those things like that, they sound obvious and simple,” Gil said. “But my experience is that very often you end up in a situation where those are not in balance.” 

The official compared the four-pronged strategy to the legs of a table. 

“If one of them is not working, the table is always tilted … you’re always dealing with crisis,” Gil said. “My job as a leader is to make sure that those four elements are solid, and we can build something lasting.”

There is clarity of mission and the work to build out necessary infrastructure is ongoing, according to Gil, who pointed to the initiative’s goal of doubling the productivity and impact of America’s research and development engine via a new platform that brings together advancements in quantum, AI and high-performance computing. 

The team is led by DOE and the national labs in partnership with industry, academia and sister agencies. Formal teams are expected to be announced in the coming weeks and will be centered on the 26 challenges identified by the DOE offices. The department announced 24 private industry AI collaborators in December and hosted an event last week for potential partners in academia and philanthropy. 

Gil said his role is more to inspire than give step-by-step instructions on how to best execute. 

“There’s an element of structure … [but] when we are dealing at the scale of the nation, you just cannot micromanage people,” he said. “The scale of it is too big, too many people, too many options, too many difficulties.” 

The Energy Department is keeping its total budget closer to the chest — Gil declined to say how much the Genesis Mission was expected to cost. 

“My role, in the end, is to be responsible and accountable for the success of the mission,” Gil said. “I take the responsibility that the president and the secretary entrusted me with incredibly seriously. If we get all those four right, we’re going to be wildly successful.”

Fewer than 1% of HHS’s AI uses are ‘high impact.’ It stands out.

Out of the nearly 450 entries on the Department of Health and Human Services’ most recent AI use case inventory, just two fall into a category that would demand heightened risk management practices, raising questions about the agency’s governance process.

While it’s not clear from the information provided whether HHS is actually misclassifying use cases, the small number of entries classified as “high impact” certainly differs from several other high-use agencies — and comes as the health and safety department reported substantially more uses than in 2024.

What’s more: The few use cases HHS marked for additional risk management on the previous year’s disclosure are now no longer part of that more stringent category. That includes the Office of Refugee Resettlement’s work with Palantir to parse data from U.S. Customs and Border Protection about parents or guardians of children who have been separated from their families. 

“When we see an agency like HHS have a pretty significant jump in their overall total number of active use cases while simultaneously seeing no increase in the number of high-impact, I think we should be immediately questioning that,” Quinn Anex-Ries, a senior policy analyst at the Center for Democracy and Technology’s equity in civic technology team, told FedScoop. 

Change in risk management for uses like the one at ACF also raises concerns, as there’s an “extremely low” margin of error for those applications, Anex-Ries said. “We’re talking about a use case that impacts some of the most vulnerable members of our society — that’s children who have been separated from their parents,” he said.

As a portion of HHS’s publication, its two high-impact uses are a fraction of 1%. By comparison, high-impact uses make up 23% of the Department of Homeland Security’s inventory, 36% of the Justice Department’s inventory, and 59% of the Department of Veterans Affairs’ inventory in 2025. 

To be sure, a couple of other agencies with large inventories also report little to no high-impact uses and a handful of inventories haven’t even included the category in their 2025 postings. NASA reports just one of its 425 uses is high-impact and the Department of Commerce didn’t include the category. 

HHS is notable, in part, because of the type of work it does.

Valerie Wirtschafter, a Brookings Institution fellow focused on artificial intelligence and emerging technology, told FedScoop she was surprised not to see more uses within the agency, especially given that the Office of Management and Budget AI guidance presumes applications of the technology that could have a significant effect on “human health and safety” are high impact.

They essentially have “a category in high-impact built for them,” Wirtschafter said.

HHS has not engaged with multiple requests from FedScoop to respond to questions about its inventory. That includes detailed lists of questions about the high-impact process submitted to department press inquiry forms and emailed to spokespeople. Palantir also did not respond to a request for comment on its awareness of the changed risk management approach. 

Changing terms

The high-impact designation for AI uses was first outlined in the Trump administration’s April 2025 memo to agencies on AI governance. It came as an evolution of labels created under former President Joe Biden to identify and manage deployments that pose potential risks. Those were known as rights- and safety-impacting uses.  

While the labels from each administration have some differences, they share a lot in common. The definitions are relatively similar, turning on whether a use serves as “a principal basis” for agency decisions and actions that significantly affect an individual’s rights or safety. President Donald Trump’s guidance mostly streamlines the labels into one category.

Both administrations defined uses that are “presumed” to impact the rights and safety of the public, prescribed heightened risk management steps for any that fit the bill, and set a date to sunset tools that didn’t meet all of the requirements. For Trump, that deadline is coming up in early April.

The types of deployments presumed to need heightened risk management include critical infrastructure uses, medical devices, and biometric identification. Under both administrations, agency officials have had discretion to determine whether a presumed use case does not actually meet the definition, but they must track those decisions.

If a use case is determined to need additional risk management, agencies must conduct pre-deployment testing, complete an AI impact assessment, monitor performance and potential adverse impacts, ensure human users are trained, and ensure people who are impacted by decisions stemming from that tool “have access to a timely human review and a chance to appeal any negative impacts, when appropriate.”

In 2024, roughly 16% of use cases across the federal government were rights- or safety-impacting, with DHS, DOJ and VA again leading the pack. HHS had reported a small number then, too. Despite having the highest number of use cases for any agency last year, HHS’s disclosure had only four that fell under the increased risk management labels. None of those entries are listed as high-impact on the department’s inventory.  

Loss of risk management

Of the four formerly rights- and safety-impacting uses, two were at the Health Resources and Services Administration and two were at the Administration for Children and Families. It’s unclear whether one of the ACF use cases is still on the 2025 posting. However, the other three carried over and are not marked high impact.

Among them is the Palantir system being used by ACF’s Office of Refugee Resettlement. The entry is titled “Structuring and Validating Completeness of Case Data Information” and is an agentic AI system used to help the agency more quickly review information about a minor’s parents and the reason for separation. 

According to the inventory, when a minor is separated from their parents or legal guardian, CBP “is required to send certain pieces of information about the parent/legal guardian.” That process has been in place since November 2024 and is in accordance with a legal settlement known as Ms. L. v. ICE. That settlement limited the circumstances under which parents and legal guardians could be separated from their children.

That information is sent to ORR “in a block of free text” that sometimes doesn’t include required information and the office, historically, has tracked that information “manually and inconsistently.” The tool, called ACF Horizons, is described as providing “more easily searchable and accurate data on family separations” and “quicker validation of CBP compliance in essential data sharing for separated families, enabling faster follow-up as needed to receive any missing data points.” 

Despite being listed as “safety-impacting” last year, the new inventory states that it was presumed high impact but determined not to be. The reason provided by the agency is that it’s “narrowly focused on extracting key data points from scanned notices” and the outputs don’t “serve as a principal basis for decisions or actions with legal, material, binding, or significant effect” of the categories in OMB’s memo.

The other previously safety-impacting ACF use case was for triaging ORR’s backlog of “notice of concern” forms, which are used to convey information about the safety of children who have been released from the agency’s care. That use case is very similar to one listed on the 2025 inventory, though it does not have the same title.  

On the 2025 use case inventory, the entry is titled “Structuring Notice of Concern Data” and states that AI will be used to extract data points from those narratives and review the completeness of those forms. According to the inventory, ORR received hundreds of the forms each day. It cites a personnel shortage in the team that reviews those documents — the Prevention of Child Abuse and Neglect Team — as a reason for the backlog. 

The 2024 use case, titled “Triaging Notice of Concern Submissions,” similarly was used to review those forms and address the backlog — but also stated that the AI tool would be used to provide recommendations on prioritization of those documents. The new entry does not reference prioritization.

ACF states that while the use is presumed high-impact, it was determined not to be. Similarly to the use case for parsing parental and legal guardian data, the agency said the use is “narrowly focused on extracting key data points from unstructured narratives and validating data completeness,” and the outputs aren’t a principal basis for a decision as defined under the memo.

Meanwhile, at HRSA, the two use cases not listed as high impact in 2025 are aimed at streamlining the process of reviewing applications for nursing scholarships. Neither use is even listed as having been presumed to be high impact, and both are still pre-deployment.

One of those entries, titled “Scholarship Insight,” would deploy generative AI to review essays submitted for the National Health Service Corps and Nurse Corps Scholarship. That AI would be trained to review those essays and “do the first cut at scoring.” 

The other entry, titled “Site Application Analysis,” would be used to review documents that determine the eligibility of sites to employ members of NHSC and Nurse Corps — as well as the Substance Use Disorder Treatment and Recovery Loan Repayment Program.

Lack of accountability

The only two high-impact tools that do appear on HHS’s inventory are both in pre-deployment phases and have few additional details, such as the vendor or system name.

ACF, for example, has an entry titled “Unaccompanied Child Sponsor Identity Verification.” That use case is intended to vet adults applying to sponsor or care for a child currently under the care of the Office of Refugee Resettlement, per the inventory. While it will use “computer vision,” the outputs were simply described as “confirmation that person A is person A at all touchpoints of the sponsor vetting process.” 

The Centers for Medicare and Medicaid Services also reported a test of a system called iVeri-Fi labeled as high impact. That entry states that the government contractor Secro already began using the tool in 2024 and that the tool is already used as part of the agency’s “Eligibility Workers Support System (EWSS).” It states that the tool will “make the adjudication decision using Remote Identity Proofing (RIDP) business rules.” It is not clear what “adjudication decision” it is referring to. 

A total of 13 additional entries were presumed high-impact but determined not to be.

Advocates and researchers reviewing the inventories were deeply skeptical of the department’s small showing and pointed to a need for additional information and explanation to hold agencies like HHS accountable for their uses.

Cody Venzke, a senior policy counsel in the ACLU’s National Political Advocacy Department who is focused on surveillance, privacy, and technology, pointed to longstanding concerns with agencies’ ability to make exceptions in their publications. 

“Agencies are not providing a full description of their analyses, releasing an explanation of how they’re taking advantage of particular exceptions, and that raises significant concerns that we can’t double check at the agency,” he said.

Anex-Ries, from CDT, similarly questioned the sincerity of the reasons agencies provided for uses not meeting the high-impact bar, particularly when those answers aren’t detailed.

HHS — similarly to the Department of Homeland Security — appears to be using the definition’s use of “a principal basis” for decisions as a workaround to get out of classifying presumed high-impact cases as high impact, Anex-Ries said.

“I think this should definitely raise eyebrows about whether this is a faithful reading of the definition or an opportunistic reading of the definition to avoid safeguards on the part of the agency, and really what it comes down to is that the justification we get is only two sentences long,” Anex-Ries said.  

Ultimately, the category and minimum risk management practices are meant to prevent negative impacts of the technology. As the Trump administration’s own memo describes it, the category is a method to ensure that AI is serving the public.

“Every day, the Federal Government takes action and makes decisions that have consequential impacts on the public,” Trump’s OMB memo said. “If AI is used to perform such action, agencies must deploy trustworthy AI, ensuring that rapid AI innovation is not achieved at the expense of the American people or any violations of their trust.”

GSA reveals first round of awards for Alliant 3 contract

After a series of protests that led to a protracted evaluation period, the General Services Administration is moving forward with the Alliant 3 procurement, announcing Friday the first round of awards for the governmentwide IT services contract.

The GSA said in an online award notice that it received 133 proposals for the Alliant 3 Governmentwide Acquisition Contract (GWAC) solicitation and selected 43 winners for the first phase. Those not chosen are still eligible for future award phases until the agency has selected all 76 recipients, per the notice. 

The announcement comes more than a year after the GSA issued the request for proposals for the next iteration of the GWAC award, which has no maximum dollar ceiling; the delay was due to unsuccessful bid protests from multiple vendors. The latest iteration of the vehicle is a multiple-award, indefinite-delivery, indefinite-quantity contract for a variety of IT-based services that builds upon the GSA’s Alliant and Alliant 2 GWACs.

With these awards, agencies can issue task orders for services including cybersecurity, data solutions, systems engineering and cloud services, the GSA said. 

Longtime government contractors like Maximus, Booz Allen Hamilton, General Dynamics Information Technology, and Leidos were among the 43 phase one winners.

Josh Gruenbaum, the commissioner of the GSA’s Federal Acquisition Service, said in a press release Friday that Alliant 3 offers a “streamlined approach to IT procurement” and will help reduce duplication and administrative costs while strengthening the government’s overall purchasing power. 

While Alliant 3 is the next chapter for the Alliant GWACs, the GSA previously said it differs in that it is a “new unrestricted enterprise GWAC” with a greater focus on emerging technologies, performance-based contracting measures, and small-business subcontracting, among other changes. 

“The Alliant 3 contract expands on the legacy of previous Alliant vehicles by providing a broad, unrestricted pool of industry partners evaluated for technical capability and past performance,” GSA wrote in a statement. 

Though Alliant 3 has no ceiling, it carries a minimum contract guarantee of $2,500, per the RFP. The GSA previously said it is evaluating proposals from the highest total claimed score to the lowest, and will select the 76 highest scores as the preliminary qualifying proposals. 

Lawrence Hale, the assistant commissioner for the GSA’s Office of Information Technology Category, said the contracts will be “simplifying how agencies access critical IT services through a single, governmentwide contract.”

Its predecessor, Alliant 2, was considered a success, with a $50 billion ceiling and an estimated value of $36 billion spent as of 2022, prompting the quicker start of Alliant 3. The GSA extended the proposal timeline for Alliant 3 multiple times, with the final due date last April.

House Democrats question DHS, ICE use of surveillance tech

Democratic lawmakers are once again pushing back on the Department of Homeland Security’s expansive use of surveillance technology, with more than a dozen members of a House Oversight subcommittee expressing concern in a letter to Secretary Kristi Noem over the agency’s processes for collection and analysis of cellphone data.

The representatives pointed to recent reports of the agency procuring tools from Penlink, which is said to collect cellphone location data and allow customers to search for devices, and Paragon, a vendor known to enable access to a mobile device without the owner’s knowledge or consent.

Without guardrails, these tools introduce risks to data privacy and civil liberties, according to the signatories of the letter, which was led by Rep. Shontel Brown of Ohio, ranking member of the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation.

“Location data can reveal intimate details of a person’s life, including where they live, work, worship, go to school, or seek medical care,” the lawmakers said. “DHS could use these tools to identify individuals for targeting based solely on their presence in certain locations, without a warrant or probable cause and regardless of their citizenship or residency status.”

The 13-member group requested a briefing before March 5 to discuss internal DHS communications around the acquisition of location-based electronics surveillance, any legal justifications for surveillance without judicial or administrative warrants, DHS’s processes for storage, use and disposal of the data collected through these tools, and the process for monitoring abuses and granting data access. 

“The continued acquisition of such spyware technology suggests DHS is relying on mass data collection techniques that the Department can use without cell phone users’ knowledge and which may operate outside of constitutional guardrails,” the lawmakers said in the letter. “Americans should be able to trust their government to uphold the Constitution and respect fundamental rights.”

Questions about how the agency is conducting oversight of its technology toolbelt have ramped up over the past year, especially as use in law enforcement and investigative operations expands.

DHS has increased its AI use cases by nearly 37% since July 2025, according to its latest inventory. Immigration and Customs Enforcement has driven the jump, and many of the agency’s most controversial and high-impact use cases have incomplete risk management processes. 

“Trump’s ICE has been a public safety and civil rights disaster, and now we have heard reports of tools that could enable dragnet digital surveillance of entire communities,” Brown said in an accompanying press release. “DHS must immediately explain its legal authority and its privacy safeguards.”

The letter was cosigned by Reps. Yassamin Ansari of Arizona, Greg Casar of Texas, Jasmine Crockett of Texas, Ro Khanna of California, Raja Krishnamoorthi of Illinois, Stephen Lynch of Massachusetts, Dave Min of California, Eleanor Holmes Norton of D.C., Emily Randall of Washington, Lateefah Simon of California, Rashida Tlaib of Michigan, and James Walkinshaw of Virginia. 

In addition to location-based electronic surveillance, lawmakers have raised concerns about the agency’s mobile biometric applications and broad data collection processes, as well as the lack of information on cybersecurity protections, retention limits and independent audits. 

The agency’s watchdog office also has its eye on privacy practices at DHS. 

Inspector General Joseph Cuffari launched an official audit earlier this month to determine how DHS components are collecting personally identifiable information and the extent to which the data is managed, shared and secured, according to a Feb. 5 letter published by Virginia Democratic Sens. Mark Warner and Tim Kaine. 

Treasury watchdog finds poor data practices in financial crimes unit

The Treasury Department bureau in charge of fighting financial crimes hasn’t complied with applicable laws, regulations, directives, or governmentwide standards in its role managing Bank Secrecy Act data, according to a watchdog report released this week.

Treasury’s Office of Inspector General found that the Financial Crimes Enforcement Network has fallen short on a number of data protection mandates. Many of the issues cited by OIG center around FinCEN’s handling of memorandums of understanding for BSA data, including with agencies. 

The BSA data overseen by FinCEN — the Treasury division tasked with combatting money laundering, terrorism financing and other illegal activity — covers everything from Suspicious Activity Reports to Currency Transaction Reports. Most BSA data filers are businesses, and roughly 88,000 records are submitted to FinCEN every day, according to the Treasury Inspector General, which conducted its audit from June 2019 through April 2024.

However, the OIG unearthed several problems with agency data transfers. The watchdog pointed specifically to Customs and Border Protection, which provides reports of currency transportation and related information to FinCEN, whose authorized employees access that data and conduct agency business based on it. Access is granted to some external users at agencies under MOUs between FinCEN and the respective agency.

In some cases, according to OIG, FinCEN failed to execute on a bulk data MOU with an agency. The watchdog found that the Office of the Comptroller of the Currency, for example, had access to bulk data for more than a decade without having a written agreement that documented the responsibilities of both parties. 

“Since an MOU communicates the mutually accepted expectations of each party, failure to fully execute one can result in misunderstandings as to an agency’s responsibilities, including those regarding information security, documentation, and training, as well as limitations on re-dissemination of BSA information,” the report stated. “In 2022, FinCEN disabled OCC’s bulk data access.”

All told, OIG found that FinCEN granted “platform program access” to users from 11 agencies despite not having MOUs in place, violating standard operating procedures for BSA data. FinCEN told the watchdog that it is now developing SOPs for these instances and plans to present those agreements to the agencies in question.

The MOU issues didn’t end there. According to the report, FinCEN did not update, properly maintain or execute its BSA data MOUs, nor did it accurately track agencies that did sign those agreements. The watchdog noted that the Treasury unit did provide it in 2019 with four records that listed agencies that had BSA data access.

“However, the records were inconsistent as they each identified a different number of agencies with BSA data access because of inaccuracies, including omissions,” OIG wrote. “For example, one FinCEN record identified 13 agencies had bulk data access, while another record identified 14 agencies. However, we found that only 11 of the 13 and 14 agencies had that type of access. Additionally, one record erroneously omitted four direct access MOUs.”

The watchdog delivered 14 recommendations to FinCEN aimed at improving its management of BSA data access. The Treasury bureau agreed with those suggestions and provided corrective actions it had already taken and others it planned to pursue. 

How to make Tech Force work

The Office of Personnel Management recently announced that U.S. Tech Force, starting this September, will place 1,000 fellows annually into federal agencies for one- or two-year terms, supervised by managers hired from the private sector who report to agency heads. If agencies can get them on real projects that ship products and lean into their engineering focus, this could improve tech efforts in the government. If not, and if this fails to internalize the relevant lessons from previous government digital service efforts, it’ll be the latest round of innovation theater — a waste of money for the agencies and a waste of time for the participants.

I’ve worked at the AI Corps and in other federal technology roles. At the Department of Homeland Security, I was an AI/ML engineer on what was the largest AI team in the federal government, and prior to that, I was a data scientist and Army civilian. While the irony is not lost on me that OPM is engaging in one of the largest tech hiring efforts in federal history coming in the wake of dismantling many of those same teams — mine included — I know the world is full of irony, and I still wish anyone well who takes civil service roles to make government work better.

This administration includes people who have shown significant hostility toward civil servants and no interest in building functional government services. It also includes people who are trying to make things work — as shown in the recent data.opm.gov redesign, which interviewed users like me and was responsive to our requests.

I’m not here to tell anyone they should go work for the federal government right now. But, regardless, things are going to keep getting built. Some of it will be built well and some of it won’t, and the difference will depend partly on whether the people involved — at OPM, at the agencies, and in the Tech Force itself — make specific decisions that set these efforts up for success. That’s what this piece is about. Whether this program reflects a genuine commitment to improving government services or is primarily a branding exercise, a thousand people are going to show up at agencies in September. What happens to them depends on decisions being made right now.

I think meaningful tech expertise is woefully absent in some of the most critical parts of the public sector. And I’ve seen what makes technical efforts succeed and, more often, what makes them fail. The reality is that while many technology initiatives in the past did achieve real results — from Veterans Affairs to online immigration web forms, to brief-but-successful Direct File tax efforts — many were also innovation theater. Instead of accelerating working code and time and cost savings, many of these efforts left the programs they touched with unread reports, wasted hours of interviewed employees’ time without tangible results, and splashy press articles about culture change and the challenge of government — with little change in the actual federal services offered. This was not always their fault, but often they had the wrong organizational incentives and tools that should have enabled success.

The Tech Force also has some unique characteristics and a different focus from other similar tech talent efforts, such as the U.S. Digital Service, 18F, Civic Digital Fellows, and the AI Corps. First, the elephant in the room: There is no way the culture won’t be at least partially influenced by public impressions of the Department of Government Efficiency’s highly controversial approach to government reform. But there are also more mundane differences: It has a decidedly engineering-heavy focus compared to other tech initiatives that traditionally include other roles like product managers and designers. It places a heavy emphasis on earlier career talent that will not stay for a long time — a two-year term seems to be a strong focus in its advertising materials, whereas even other termed roles in the other digital service teams were rarely less than four years. And it is much larger than other efforts: If Tech Force achieves its goal of 1,000 people, that will dwarf even teams like the U.S. Digital Service that reached a few hundred people at its zenith.

Setting the Tech Force — and its unique characteristics — up for success will require real work beyond just recruiting and hiring people. It may seem obvious that if there’s a deficit of tech talent in government, bringing people on will be useful. But the math isn’t that simple. Now — not when the fellows show up — is the time to figure out what this program is going to be and make sure agencies are prepared on day one. Hopefully they are already doing this but if not, here’s where to start.

Find the projects

The biggest organizational advantage the agencies can provide Tech Force is a clear purpose. What you don’t want to have, especially with a decentralized organization like Tech Force, is lots of engineers with only the mandate to “make things better.”

This is because in large organizations there are significant learning curves before staff can be meaningfully productive. The time it takes to get other staff up to speed — especially when it’s unclear how committed a transient, high-visibility group will be to a given project — gives little incentive for those same career and contract staff to invest in the relationship and knowledge building needed to let Tech Force succeed. In government, the biggest risk is often where people invest their time and who they build relationships with — so make it worth their while.

That means a clear purpose and project: “We are assigned to reducing immigration backlogs.” “We are supposed to improve AI-related cybersecurity defense in Air Force systems.” “We are tasked with improving VA call center wait time.” Something that says who in the bureaucracy needs to care about the Tech Force’s presence and roll out the welcome mat.

The clear purpose can be established two ways: on existing projects or on new ones. For the existing ones, there will be the standard requests to political appointees of projects that need support. However, this is a double-edged sword. Political appointees often have mediocre senses of timing of when to include additional tech staff in a project. Adding Tech Force too late to an existing effort can risk slowing down something that is close to completion. Too early, and there might not be any work to do and you’ll cause territorialism.

Political appointees also pick projects based on what they care about, not what’s feasible. Projects that leadership are most excited about may be the worst fits for Tech Force — big, complex, high-stakes efforts that need full product teams and multi-year timelines, not junior engineers on one- or two-year terms. Someone needs to be able to tell the secretary no. That’s partly on the managers, but it’s also on OPM to vet projects for feasibility before matching begins — not just “does this align with administration goals?” but “can engineers ship something quickly and well given the starting conditions?” Prior to managers being hired, offices requesting Tech Force support won’t know the answer to that question either. OPM needs people who can work with agencies to figure that out.

There are also “new projects.” Timed correctly, plugging in Tech Force is an easier transition. Without an existing bureaucracy working on something, as we’ll discuss later, there’s less territorialism to navigate.

Doing this project scoping could easily be a full-time role at OPM between now and September. Calls need to be put out at the agencies for ideas and the vetting needs to start as soon as possible. Getting at least some of this work done before onboarding is crucial because these are one- and two-year terms. Burning six months figuring out what someone should do eats a significant portion of their entire tenure. Also, the kinds of projects that agencies need done should inform what OPM screens for in hiring.

No matter what Tech Force does now, some of the ideas will turn out to be duds. But to whatever extent it can start to understand what might be in the pipeline, get agencies thinking about how to identify good projects, and inform the existing hiring process, the more OPM can reduce the risk of innovation theater.

Ship and own projects

After project definition, scoping the Tech Force’s role on that project is also important. Unlike many other past federal technology efforts that included other roles like product managers and designers, Tech Force seems focused on engineers.

Even with roles actually well-suited to being less “hands-on,” it’s easy in government to get stuck on projects that are advisory in nature or where you’re only embedding fellows individually into existing contractor teams. That work can sometimes be valuable, but with the engineering focus of Tech Force, unclear or advisory roles can lead the technologists to spend most of their time having opinions about other people’s code instead of writing their own. Whenever possible, Tech Force and its managers should lead the engineering efforts, architectural decisions, and development decisions of the products. When agencies offer spots for Tech Force, as much as possible, that role should be clearly defined in their requests.

Sometimes past technology efforts didn’t take ownership, in part, because they were limited by staffing and were not large enough to ensure successful delivery. But if OPM hits its goal of 1,000 program participants — and given the initial 35,000 expressions of interest, this seems possible — it should be feasible to have real development teams that are primarily made up of Tech Force participants.

Where that has happened in the past, the stories have often been successful: IRS’s Direct File tool that lets people file taxes directly with the government is a great example of this. At its height, dozens of team members from federal digital service organizations worked alongside agency counterparts. It worked because they built something — not a report about what should be built, not an assessment of existing systems, but working software that people used — and staffed it appropriately.

Another example from my own team: DHSChat, the internal generative AI system the AI Corps built at DHS in less than six months. At one point, almost a third of the AI Corps team was dedicated to it. It got built — and scaled — because the team shipped real working software that people used. And, because it was a greenfield project, there were far fewer challenges in integrating into existing agency teams or resolving the inevitable territorialism between federal partners — or the contractors working for them.

Your development environment

Even with a clear project and a clear role, Tech Force will also face another challenge: On day one, they probably won’t be able to actually deploy any software. Without necessary planning, the default computer you receive from your agency will be a brick to your average software engineer. Most government computers, of course, do not let you install any software, access a development environment, or even have resources on where to resolve those issues. And at most agencies, if you want a Mac, good luck — getting hardware that engineers need, like MacBooks for machine-learning work, can take months of procurement battles.

At the AI Corps, our leadership spent nearly nine months trying to get a headquarters deployment environment for model training and GPU cloud infrastructure set up. By the time I left, it still wasn’t operational. I heard later the project was cancelled when the office couldn’t find money to hire a contractor to work as a dedicated information system security officer — something we didn’t know we had to do many months into the project.

There are other infrastructure issues, too. Do you have git servers? What AI coding tools will fellows be allowed to use — the ones engineers actually use, like Claude Code? Or will you tell them Copilot Chat is close enough? The people you want to hire are going to expect industry-standard tools. And if you can improve tooling access for other engineers at the agency while you’re solving this for your own staff, that’s a bonus.

Working through these questions will also help with scoping projects realistically, because what’s realistic depends partly on how you solve the development environment problems.

The managers

The OPM memo says fellows will be supervised by managers hired from the private sector. Who you hire and what you teach them matters.

These managers need to understand how government technology projects work before they start. They should read Recoding America. They should talk to people who led previous digital services efforts and find out what worked and what didn’t. They should understand the basics: how systems get ATOs, how contracting works, what authorities they’ll have and which ones they won’t.

You don’t want managers whose theory of change is “we’re going to hire some good engineers and things will get better.” That’s not a theory of change. Government is full of good engineers who can’t get things done because of where they sit, what access they have, and how decisions get made. If the new managers don’t have a more sophisticated model than “talent solves problems,” they’re going to be frustrated and their teams will be ineffective.

The right managers are curious about why previous efforts succeeded or failed. They want to understand the constraints before they start pushing against them. They’re thinking about organizational dynamics, not just technical problems. And if they aren’t curious about what has or hasn’t worked in the past, they are, as the cliche goes, likely to repeat it.

The headwinds

These fellows aren’t going to work in a vacuum. To be successful, other people at the agencies — civil servants and contractors — are going to have to work with them. This is harder than it sounds.

Embedded teams that don’t report to you and do report to leadership are threatening. Everyone knows this. They’re just as likely to replace you or flag problems up the chain as they are to help. This is even worse in the government, where most technical efforts are not staffed by federal employees, but by contract teams who are usually paid based on how many hours they bill — meaning that they are incentivized to control more work themselves. Even when the contract is not structured like this, they have a strong incentive to ensure they are the primary resource of technical know-how to ensure they remain in the strongest position for future recompetes. They don’t want to be replaced.

Now, there are many great and patriotic federal IT leaders and contractors working on technology projects throughout the government, and I’ve seen their commitment to duty and mission overtake their narrow self-interest many times.

But individual virtue is not enough to overcome the fact that there are few organizational and political incentives to welcome Tech Force among either contractors or other federal civilians. A secretary’s support is helpful, but agency heads are busy, and rarely have the time to help with the thousands of minor roadblocks that teams of smart, junior engineers will face.

This brings us to a decision that is going to make all of this harder than it needed to be. The same administration launching Tech Force largely dismantled the existing network of federal digital service teams — USDS, 18F, parts of the AI Corps, and others — that represented the closest thing the government had to institutional knowledge about how to do what Tech Force is attempting. Those teams made plenty of mistakes, but they also learned, often painfully, what it takes to ship working software in a federal environment. That knowledge didn’t disappear when the teams were disbanded. It lives in the people who did the work, many of whom are now in the private sector and would be reachable if OPM made the effort.

This isn’t just a point about irony, though the irony is hard to miss. It’s a practical recommendation. OPM should be actively consulting with alumni of previous digital service efforts — not to replicate those programs, but to avoid relearning lessons that were expensive the first time around. What development environment problems did they hit? How did they handle the trust issues with career staff? Which agency projects were good fits for termed technologists and which ones weren’t? That knowledge exists. Use it.

And then there’s the trust problem — which is a problem for all the reasons it was always a problem with digital services teams in government, plus some new ones because of what happened to the civil service in 2025, which not coincidentally is why I’m no longer in government.

You don’t have to agree with the narrative that political leadership is hostile to career staff, or that Tech Force fellows might be there to spy for leadership, or that the interest in AI is primarily about eliminating jobs. But these fellows will have to work with people who believe some version of it, if they want to be effective. It’s not going to be possible to fully mitigate this. But there are things you should try.

At the AI Corps, leadership was explicit with staff at partner agencies: Fellows on projects were there to serve that agency’s mission, not report back to headquarters. That framing helped — but only because it was true, and the leadership backed it up.

For Tech Force to work, fellows need a clear mandate that they’re there to help the agency succeed — not to report on civil servants, and not to scout for workforce reductions. If that’s not actually the arrangement, people will see through it and freeze fellows out.

The opportunity

People who’ve done this work before are skeptical of Tech Force, and for good reasons. We’ve seen programs that sounded good on paper produce very little. We’ve seen talented people burn out fighting bureaucratic battles instead of building things. We’ve seen “innovation” get good press coverage and turn into nothing.

But there are better and worse versions of this. A thousand fellows annually, with real projects, working development environments, prepared managers, and a mandate to ship things — that’s a version worth trying. A thousand fellows dropped into agencies that haven’t done the prep work, managed by people who aren’t curious about understanding government, with no clear projects and no path to deployment — that’s a version that wastes everyone’s time and will only serve to prove critics right.

I’ve been asked, in various ways, why I’m writing advice for a program launched by an administration that dismantled the team I was on. The answer is simple: I care more about whether government technology works than about who gets credit or blame for it. And I’d rather be specific about what success requires than add to the chorus of people who are, understandably, skeptical. 

Skepticism is warranted. But a thousand people are going to take these jobs. The agencies they walk into will either be ready or they won’t. That part is still up for grabs.

Abigail Haddad is a former artificial intelligence/machine learning engineer with the Department of Homeland Security’s AI Corps.

White House looks to pilot AI, ‘empower CISOs’ in push to improve cyber resilience

As the era of artificial intelligence stands to both increase cyber threats and aid efforts to counter them, federal government leaders are looking to bolster resilience with improved coordination, support for leaders, and new AI tools, a White House cyber official said Thursday.

During remarks at CyberTalks, Michael Duffy, the acting federal chief information security officer within the Office of Management and Budget, shared several actions federal leaders have taken recently to boost the government’s cybersecurity, calling the present technology moment “pivotal.” 

“As we enter this new era defined by AI, interconnections, [and] the expanded dependencies that all of us have, we can’t wait for the next crisis to inspire our action,” Duffy said.

Existing policies were largely shaped by responses to major cybersecurity events over the last decade and don’t account for risks of the new AI era, he said. So as leaders look to adapt those practices, they must ensure that what they put in place can endure. 

As a step to achieving the Trump administration’s cybersecurity goals, Duffy said he convened civilian agency cyber leaders last month in a meeting he called a “first” for the government. 

That so-called “tabletop” discussion convened over 60 cyber professionals and leaders, including CISOs and security operations center (SOC) directors. Topics included protocols, procedures, overlaps, gaps, and potential weaknesses when it comes to faster and scalable attacks, among other things, he said. Already, some of the opportunities highlighted are being put into place.

“The bottom line is, cross-agency teams can no longer respond to massive cyber incidents to the federal government with sharing emails and phone calls and PDF files on threat intelligence,” Duffy said. “This is a different time. We have to make sure that we’re postured correctly to address that call.”

Additionally, leadership is looking to “empower the CISO role to make strategic decisions in a moment’s notice,” Duffy said. That includes decisions the information security professionals make for both administrative things — like budget, resources, and strategic plans — as well as “when disaster strikes.”

“In doing so, we’ll consider things like redundant, insufficient capabilities, the use of modern technologies and modernized enterprise-wide capabilities and shared services such as Continuous Diagnostics and Mitigation,” Duffy said. CDM is a program run by the Cybersecurity and Infrastructure Security Agency and provides security tools and dashboards to participating agencies. 

Finally, Duffy said leaders are also working with agencies to improve cyber defense with new tech through pilots of several AI tools. A “small set” of cyber-relevant uses are currently being identified.

“We have to be proactive, highlighting what might work. Test it out. See if we can scale it from one agency to the next so that we can build the roadmap moving forward,” Duffy said.

That effort follows work by Federal CIO Greg Barbaccia to conduct a “federal AI sprint” on general uses of the technology in government, which Duffy said they’ve seen “positive progress” on. “We’re now turning our attention to cyber-specific use cases to ensure that we are ready for the threat,” he said.

Federal CIO Greg Barbaccia tapped for two leadership roles at GSA 

Federal Chief Information Officer Greg Barbaccia will be adding two new titles — at least temporarily — to his work in government. 

The General Services Administration announced Thursday that Barbaccia will join the agency as the acting director of Technology Transformation Services. He’ll be replacing Thomas Shedd, one of the few officials left at the agency who helped carry out the so-called Department of Government Efficiency’s cost-cutting initiative last year. 

Shedd will remain at the agency as its senior advisor for fraud prevention, which the GSA said is “an area of increasing importance for the agency and the administration.” 

The GSA, in a press release, touted Shedd’s leadership at TTS, including his work on “core program priorities,” such as the expansion of Login.gov and the “cleanup” of Sam.gov. The move is effective immediately, per GSA.  

Shedd, who has been on an “unpaid leave of absence” from Elon Musk’s electric vehicle company Tesla since the beginning of President Donald Trump’s second term, has also served as deputy commissioner of the GSA’s Federal Acquisition Service, though it is unclear if he will remain in that role. 

Barbaccia applauded TTS’s work under Shedd, writing in a statement that it has worked to “modernize how the federal government builds and delivers digital services, making interactions with government simpler, more accessible, and more efficient for the American public.” 

The federal CIO was also tapped as senior advisor to the GSA administrator, the agency said. In this role, advising former private equity executive Edward Forst, Barbaccia will focus on “emerging technologies, best practices in digital delivery, and cross-government collaboration.” Barbaccia said his dual roles at the agency are “ensuring continuity of leadership and a strong focus on delivering value to the taxpayer.”

Forst said in a statement that “Greg brings a powerful combination of technology strategy and hands-on execution that will accelerate GSA’s mission to transform how the federal government buys, builds, and delivers digital services.” 

The move is the latest in a string of shakeups for the GSA, which was once considered a DOGE stronghold under Musk early last year. Multiple DOGE-affiliated figures have departed the agency or left government in recent months, including Stephen Ehikian, who served as GSA’s acting head until last July before moving to the deputy administrator role until September. 

Barbaccia, who has also identified himself as the federal chief AI officer, has repeatedly discussed GSA initiatives in his role as federal CIO. In a sit-down interview with FedScoop last December, Barbaccia shared details on the administration’s plans to reshape how the government buys cloud technology through the GSA’s 20x initiative, as well as increasing information-sharing among agencies on government contracts.