Cybersecurity Objectives in the President’s Management Agenda


On December 8, 2025, the White House Office of Management and Budget (OMB) released the Trump Administration’s updated President’s Management Agenda (PMA).
This PMA outlines at a high level the Administration’s priorities across federal government operations.

In this article I am going to cut through some of the extraneous political rhetoric in the PMA to focus on what I see, through the eyes of a retired federal cabinet agency CISO, as the cybersecurity (and cybersecurity-related) priorities and objectives contained in the agenda.

To start, much like I pointed out in a podcast on the President’s June 6 Cybersecurity Executive Order, anytime the White House issues an official document and includes cybersecurity as a priority, that should be taken as a positive thing by the federal cybersecurity community.

Priority = Visibility = Attention = Resources.

The specific objectives I noticed for cybersecurity leaders in the PMA include:

  • Under the priority “Shrink the Government & Eliminate Waste” and goal “Eliminate Woke, Weaponization, and Waste” is the objective “Cease payments to fraudsters and eliminate waste”. Cybersecurity groups can help prevent fraud by working with financial system owners to deploy strong identity and authentication technologies. To aid fraud detection, cyber teams can advocate for access logging and user behavior analytics.
  • Regarding “Downsize the Federal Workforce” under the priority “Ensure Accountability for Americans”, federal cyber leaders must have sufficient knowledge of applicable statute and policy to clearly identify and justify the capabilities and staffing (both federal and contractor) that are essential and required by statute.
  • The priority “Deliver Results, Buy American” contains the goal “Leverage Technology to Deliver Faster, More Secure Services”. This goal has several objectives that should catch the interest of federal cyber leaders.
    • Consolidate and standardize systems, while eliminating duplicative ones
      This objective can give cyber the opportunity to team with development and operational groups to ensure proper security controls are deployed as systems are reengineered for consolidation. Also, the elimination of duplicative systems should result in fewer systems, which means less surface area to defend. Finally, system standardization could provide opportunities for introducing a common set of security controls and settings across a larger environment – less complexity should result in better security.
    • Reduce the number of confusing government websites
      This objective, like the one above, can be leveraged to push for the reduction in the number of systems (in this case specifically websites) that the agency cyber team needs to secure and monitor.
    • Ensure secure, digital-first services that are built for real people, not bureaucracy
      Federal cyber leaders should consider pointing to this objective to encourage system owners to involve cyber teams early in design/development and to build in security to ensure system protections and usability.
    • Defend against and persistently combat cyber enemies
      Well, the applicability of this one is obvious. Nevertheless, this is a good PMA priority objective to use to remind cyber teams and agency leadership of the importance of resourcing the directives in the President’s Cybersecurity Executive Order – e.g. strong authentication, zero trust, secure software, etc.
    • Eliminate data silos and duplicative data collection
      Here again is an order to remove duplicative capabilities and, in general, removal of systems/capabilities can be a security advantage because it results in a reduced attack surface.
    • Reduce wasteful processes through artificial intelligence
      Putting aside the unhelpful phrase “wasteful processes,” I think the important point here for cybersecurity is that we will need to embrace AI thoughtfully to drive efficiencies in these lean budget and staffing times, and to keep pace with adversaries.

Federal CISOs and other cybersecurity leaders are in the challenging position of defending vital government resources against ever more sophisticated adversaries, while at the same time facing severe funding and personnel deficits. Used smartly, high-level priority documents like the PMA and the Cybersecurity Executive Order that contain cyber (or cyber-related) objectives can help in discussions with agency leadership to obtain the resources needed for success.