NASCIO released its 2026 federal advocacy priorities Tuesday, a set of issues the organization’s Executive Committee said state CIOs are most interested to take up with Congress, federal agencies, the White House and strategic partners. The agenda identifies areas where state technology leaders see opportunities for federal and state governments to collaborate in improving cybersecurity and expanding digital services.
At the top of the list is AI leadership for states, a subject NASCIO framed as both an opportunity and a challenge. Simply put, states have already begun developing their own frameworks for governing the use of AI in public services, and the association urges the federal government to collaborate closely with them as national policy evolves. In NASCIO’s view, any federal AI law or regulation should recognize “what states have already done to address AI in their operations, and how any federal law or regulation will impact state government,” and provide tools and resources to help states implement their strategies in a way that supports service delivery, workforce training and data protection.
Another priority revolves around the .gov domain extension — the URL suffix intended to make government websites distinct and secure. In the report, NASCIO highlighted how migrating public agencies to .gov strengthens security and fosters public confidence, particularly as false or misleading information spreads online. While the federal Cybersecurity and Infrastructure Security Agency now oversees the .gov extension, NASCIO said more oversight is needed, such as advisory groups to educate local governments, expanded technical support offerings, and even tying federal grant eligibility to .gov adoption so that smaller jurisdictions can take advantage of secure domains without undue cost.
The issue of cybersecurity funding itself is front and center, particularly in affirming that the State and Local Cybersecurity Grant Program should deliver on its potential. NASCIO notes that cybersecurity is now recognized as a cross-cutting concern that impacts all aspects of government operations, not just IT departments. The association recommends that federal guidance for the grant include flexibility for state needs, focus on whole-of-state approaches along with shared services models, and set baseline eligibility criteria for local governments seeking funding.
Another area NASCIO addresses is the patchwork of federal cybersecurity regulations that state governments must contend with when exchanging data with federal agencies. NASCIO mentions that while these regulations aim for similar outcomes, inconsistent requirements and audit practices can create financial and operational burdens for states.
Back in 2018, according to the association, Congress requested that the Government Accountability Office (GAO) examine these rules more closely. Its 2020 report found that a significant portion of federal cybersecurity requirements — ranging from approximately half to nearly 80 percent — had conflicting expectations. The GAO encouraged federal agencies to work together to align their standards, but so far, NASCIO said, only a few of its recommendations have been fully implemented. The association recommended that Congress and federal agencies implement the guidance from the GAO and empower the Office of Management and Budget to coordinate regulatory development.
The final major focus area highlights the future of FirstNet, the nationwide public safety broadband network created by Congress after communication failures exposed during the Sept. 11 attacks. State CIOs now rely on the network during hurricanes, wildfires and other large-scale disasters to keep responders connected when commercial networks are strained or damaged. With FirstNet’s statutory authority set to expire in early 2027, NASCIO is urging Congress to reauthorize the program, warning that lapses in authorization could disrupt the interoperable communications first responders depend on during emergencies.
