By Hemant Baidwan, CISO, Knox (Former DHS CISO, Acting Deputy CIO; FedRAMP Board member, Federal CISO Council Vice-Chair)
The new guidance makes the expectation unmistakable: Government should buy and deploy commercially available technology wherever possible.
This is exactly how every leading industry operates. The world’s most sophisticated financial institutions, healthcare systems, and global enterprises don’t build everything from scratch; they adopt best-in-class technology and adapt it to their needs. It’s faster, more secure, and far more cost-effective.
The federal government should be no different.
The reality is that the private sector is where innovation happens at scale. From cybersecurity to cloud infrastructure to AI, the most advanced capabilities are being built, tested, and hardened in commercial environments every day. When government agencies rely on outdated procurement models or over-customized systems, they not only spend more, they fall behind.
The White House directive recognizes this gap and takes a meaningful step toward closing it. By pushing agencies to justify non-commercial purchases and increase adoption of proven solutions, it is setting a new standard for efficiency, accountability, and performance.
Having spent more than two decades in government, including serving as DHS CISO, Acting DHS Deputy CIO, and Vice-Chair of the Federal CISO Council, I’ve seen firsthand how difficult it has been for agencies to access and adopt the best commercial technologies, even when they clearly outperform custom-built alternatives. That experience is exactly why I joined Knox: to help remove those barriers and make it possible for the government to leverage cutting-edge innovation without compromising on security.
But policy alone isn’t enough.
One of the biggest barriers preventing innovative companies from serving the government has never been capability; it’s been compliance. Navigating federal cybersecurity requirements, accreditation processes, and procurement complexity can take years. For many of the most advanced technology companies, the cost and friction simply aren’t worth it.
That’s where Knox comes in.
We exist to remove these barriers. Knox makes it possible for best-in-class technology providers to meet the government’s stringent cybersecurity and compliance requirements without slowing down innovation. We bridge the gap between commercial excellence and federal readiness, so agencies can access the same tools that power the private sector.
This directive signals a turning point. It’s an opportunity to rethink how Government buys, builds, and deploys technology, and to align those practices with the realities of modern innovation.
The mission is clear: Deliver better outcomes for taxpayers, faster and more efficiently.
The path forward is equally clear: Adopt the best technology available, and make it easier for the companies building it to serve.
Knox is proud to help make that future a reality.