What happened
Congress included a provision in a recently released fiscal year 2026 funding bill that extends authorization for key federal technology and cybersecurity programs through September 30, 2026. This includes the lapsed Technology Modernization Fund (TMF) and several important cybersecurity statutes that had been in limbo due to the lapse in government funding.
Who is affected
Federal agencies relying on TMF for modernization investments will regain the ability to accept new proposals and fund projects through the extended period. The extension also impacts private sector firms involved in cyber threat intelligence sharing under the 2015 Cybersecurity Information Sharing Act, as well as state and local governments that benefit from the State and Local Cybersecurity Grant Program. Additionally, the National Cybersecurity Protection System, a federal intrusion detection and alert framework, remains authorized for continued operation.
Why CISOs should care
CISOs in both government and regulated private sectors should note that federal cyber programs enabling modernization funding, threat information sharing, and grants for local cyber defense remain operational through at least September. The temporary extension averts immediate gaps in these critical capabilities, but it also signals ongoing legislative negotiations that could affect longer-term policy and funding.
3 practical actions
- Review dependency on federal programs: Assess whether your agency or organization leverages TMF projects, cyber grants, or federal threat sharing mechanisms and plan for continuity beyond September.
- Prepare for legislative changes: Monitor Congressional progress on permanent reauthorizations of TMF, CISA 2015, and related statutes to anticipate new compliance or reporting requirements.
- Engage with partners: Coordinate with state/local cyber leaders and federal contacts to understand how the extended funding impacts shared initiatives, threat intelligence exchanges, and modernization roadmaps.