GovRAMP released two new publications that outline a path forward to decrease cybersecurity fragmentation across federal, state and local government. “Harmonization is no longer just a compliance discussion — it’s foundational to modernization,” GovRAMP Executive Director Leah McGrath said in an April 16 press release. “Every delay caused by duplicative requirements is a delay in securely deploying the capabilities government depends on. Our focus is enabling faster, more effective action while strengthening security outcomes.”
“A RED alert is flashing for security and government agencies,” said GL Solutions CEO Bill Moseley. “Many agencies still treat software security as a given. This perspective was never safe for sensitive government data and functions. It’s a terrifying perspective in the age of AI. Anthropic recently withheld the release of the latest model because AI discovered hundreds of flaws in operating systems and other critical internet infrastructure, some 20 or more years old. Cybersecurity researchers literally worried the internet would be shut down. It’s only a matter of time before criminals get access to these tools. Are agencies prepared?”
The cybersecurity framework harmonization publications — 2026 GovRAMP Symposium — A Path Forward for Framework Harmonization and 2026 GovRAMP Symposium on Framework Harmonization — Findings and Discussion Record — offer policy recommendations and practitioner discussion for governments on how to align overlapping cybersecurity requirements.
GovRAMP created these publications based on practitioner input from the 2026 GovRAMP Symposium; according to GovRAMP the recommendations focus on:
On Monday, April 20, the United States Department of Justice extended compliance dates for the Web Content Accessibility Guidelines by one year. Per the interim final rule, published in the Federal Register: “The compliance date for state and local government entities with a total population of 50,000 or more is extended from April 24, 2026, to April 26, 2027. The compliance date for public entities with a total population of less than 50,000, or any special district government, is extended from April 26, 2027, to April 26, 2028.” According to the document, the DOJ identified several reasons for the interim rule; these included challenges related to the dates of compliance. They cited feedback given to the Department, including correspondence from a congressman; he noted the challenges of remediating STEM (science, technology, engineering, mathematics) content, explaining the need for human oversight versus using generative AI to ensure an error-free transition. The DOJ concluded that the delay equals greater accessibility for individuals with disabilities, saying: “The Department finds the compliance concerns raised in the foregoing correspondence to be compelling and upon its own review determines that it overestimated the capabilities (whether staffing or technology) of covered entities to comply with the rule in the time frames provided. Therefore, we agree with those suggestions to delay the effective dates of the 2024 final rule.”
The National Association of State Chief Information Officers (NASCIO) released a new publication on April 21, the Evolving Role of the State CIO as Change Leader, examining the changing role of the state Chief Information Officer. The report highlights the “dual mandate” of the CIO: delivering compliant, secure technology, while also investigating modernization opportunities, and emerging technologies like AI. According to NASCIO, “The state CIO must run the operations of the state enterprise and while doing so maintain a critical evaluation of what could and should be transformed through modernization investment. The state CIO must exploit what business and technology capabilities the state has in place currently and engage external partnering to deliver the very best citizen outcomes possible.”
Renee Moseley joined GL Solutions in 2016 with an educational and professional background in research and writing, along with software documentation. At GL Solutions she produces informative content to help regulatory agencies stay current on news and information that supports their success.
