The White House Office of Management and Budget and the Office of the National Cyber Director have released a memorandum outlining the current administration’s cybersecurity investment priorities that federal agencies should focus on as they formulate their budget submissions for fiscal year 2026.
The investment priorities are categorized into five pillars of the National Cybersecurity Strategy: defend critical infrastructure; disrupt and dismantle threat actors; shape market forces to drive security and resilience; invest in a resilient future; and forge international partnerships to pursue shared goals, according to the memo published Wednesday.
The memo was signed by OMB Director Shalanda Young and National Cyber Director Harry Coker.
Defending Critical Infrastructure
For the first investment priority, federal agencies should prioritize investments in departmentwide, enterprise platforms to enable information sharing and further align cybersecurity efforts. They should also demonstrate in their FY 2026 budget submissions how each sector risk management agency prioritizes building the capacity and mechanisms to manage risks to their respective sectors.
OMB and ONCD direct agencies to submit an updated zero trust implementation plan within 120 days of the memo’s release.
Agencies should also prioritize efforts to improve baseline cybersecurity requirements and enhance open source software security and sustainability.
Countering Threat Actors and Advancing Other Cyber Priorities
Under the second investment priority area, budget submissions should include how agencies prioritize resources to investigate cybercrimes, dismantle ransomware infrastructure, disrupt threat actors and counter the abuse of virtual currency.
ONCD and OMB require agency submissions to support initiatives that meet the federal cyber workforce demand, such as work-based learning, multiple on-ramp approaches and shared hiring measures, and ensure that their organizations are sufficiently resourced to facilitate the transition of their sensitive networks to quantum resistant cryptography.
To advance the cyber strategy’s fifth pillar, “budget submissions should support the creation of long-term, strategic collaboration between public and private sector partners domestically and abroad to rebalance and improve the transparency, security, and resilience of global supply chains for industrial control systems and operational technologies,” the memo reads.