Legacy systems at state agencies continue to pile up and weigh down modernization efforts, says Doug Robinson, executive director of the National Association for State Chief Information Officers. In a September 10 interview with the Federal News Network, Robinson explains that the challenges states face largely mirror those that federal agencies face. He points to new funding and budget constraints for states. In the interview, Robinson shares the places where states excel and overcome these challenges; these successes incudes states that put together formal plans for change management.
“The secret code is having that transformation playbook that is available to all of the agencies that outlines the approaches, and then having highly robust enterprise governance, because again, you might have anywhere from in some cases, large states, a hundred different agencies that are under their purview of the state CIO organization,” Robinson says.
Co-author of the 2025 State Occupational Licensing Index, Edward Timmons, makes the case for using universal recognition for licensing. He explains universal recognition as simply accepting other states’ licenses. “It is a common sense reform,” Timmons tells GL Solutions in an interview last month. “Licensed professionals in good standing are able to more easily continue working when they move to another state, or in many cases, when they work across a state border. Research shows that this increases in-migration, increases employment and labor force participation, and increases tax receipts in reform states.” Timmons also updates the evolution of universal recognition from 2024 to 2025 in terms of state participation.
GovRAMP’s September 9 blog explains the importance of both policy and control for cybersecurity. Policy defines what needs to happen, GovRAMP says, such as encrypting sensitive data. While control ensures that happens, such as automatically encrypting data before transmittal. “A policy without controls is guidance without teeth,” GovRAMP explains. “Controls without policy lack purpose. Together, they create accountability—ensuring that systems are secure and expectations are consistently met. For government, this isn’t just a technical exercise. It’s about protecting services people rely on every day.” GovRAMP shares not only the importance of polices and controls for cybersecurity—but also for the public trust that depend on these secure systems.
