Last updated: February 16, 2026 at 19:37 UTC
Flash Brief: Fleet cybersecurity funding to see ‘increased investment’ in FY27 budget request: Navy official
TL;DR
The Navy is signaling increased cybersecurity funding in its FY27 budget request, with a strategic focus on fleet-level cybersecurity embedded within the Golden Fleet modernization concept. This represents a shift from bolt-on security to design-phase integration across shipbuilding and fleet systems. Contractors in cybersecurity, naval systems, and shipbuilding should prepare for expanded opportunities beginning in Q2 FY25 as the budget formulation process advances, with RFIs and market research activities likely by Q3 FY25.
Key Points
- What happened: Navy leadership announced plans to increase cybersecurity investment in the FY27 budget request, specifically targeting fleet cybersecurity capabilities integrated into the Golden Fleet concept—a design-phase security embedding approach.
- Who is affected: Prime contractors and subcontractors in NAICS 541512 (Computer Systems Design), 541513 (Computer Facilities Management), 336611 (Ship Building), 541330 (Engineering Services), and related cybersecurity/IT services supporting Naval Sea Systems Command, Office of Naval Research, and Department of the Navy programs.
- Timeline: FY27 budget submission occurs February 2026; expect pre-solicitation market research and RFIs in Q3-Q4 FY25, with formal solicitations likely in FY26 for FY27 execution.
- What contractors should do NOW: Audit current Navy cybersecurity contract positions, validate CMMC and NIST 800-171 compliance posture, identify teaming partners with shipbuilding integration experience, and monitor SeaPort-NxG and OASIS+ for emerging requirements tied to Golden Fleet initiatives.
Who Is Affected
Primary Market Segments: Cybersecurity services, naval systems integration, shipbuilding, fleet modernization, maritime security, embedded systems security, and defense IT services.
NAICS Codes Impacted:
- 541512 (Computer Systems Design Services) — Cybersecurity architecture and fleet system design
- 541513 (Computer Facilities Management Services) — Ongoing fleet cybersecurity operations
- 541330 (Engineering Services) — Integration of cybersecurity into ship design
- 336611 (Ship Building and Repairing) — Golden Fleet construction with embedded security
- 541715 (R&D in Physical, Engineering, and Life Sciences) — Cybersecurity technology development
- 334290 (Other Communications Equipment Manufacturing) — Secure communications systems
- 517410 (Satellite Telecommunications) — Secure fleet communications
- 541519 (Other Computer Related Services) — Specialized cybersecurity services
Agencies and Commands:
- Department of the Navy (DON)
- Naval Sea Systems Command (NAVSEA)
- Office of Naval Research (ONR)
- Program Executive Office for Integrated Warfare Systems (PEO IWS)
Contract Vehicles:
- SeaPort-NxG — Primary Navy engineering and technical services vehicle
- OASIS+ — Complex professional services including cybersecurity integration
- SEWP — IT hardware and software procurement for fleet systems
- GSA Schedule 70 — IT services and cybersecurity solutions
- ITES-SW2 — IT enterprise solutions for Navy networks
Compliance Surfaces: CMMC Level 2+, NIST 800-171, NIST 800-53, Risk Management Framework (RMF), DFARS 252.204-7012, ITAR (for sensitive ship systems), FISMA.
Frequently Asked Questions
Q: What is the Navy's "Golden Fleet" concept and why does it matter for cybersecurity contractors?
Golden Fleet represents the Navy's vision for next-generation fleet modernization with cybersecurity embedded from the design phase rather than added post-construction. This shifts procurement from standalone cybersecurity contracts to integrated shipbuilding and modernization programs where cybersecurity is a core requirement. Contractors must demonstrate capability to work within shipbuilding timelines, integrate with naval architecture teams, and deliver security solutions that survive the marine environment and operational tempo of deployed vessels.
Q: When should we expect solicitations related to this FY27 budget increase?
The FY27 budget will be submitted to Congress in February 2026, but pre-solicitation activity begins much earlier. Expect market research RFIs and industry days in Q3-Q4 FY25 (April-September 2025) as program offices refine requirements. Formal solicitations will likely appear in FY26 (October 2025-September 2026) for contract awards that execute in FY27. Contractors should engage now through Navy cybersecurity working groups and NAVSEA technical interchange meetings to shape requirements.
Q: How does this budget action affect existing Navy cybersecurity contracts?
Existing contracts may see scope modifications or follow-on task orders as program offices align current efforts with the Golden Fleet vision. Contractors should proactively propose Golden Fleet alignment strategies during upcoming option year negotiations or task order competitions. Programs not demonstrating design-phase integration capability may face budget reallocation. This is an opportunity to expand existing contracts by proposing pilot integration projects that demonstrate Golden Fleet principles.
Definitions
- Golden Fleet: The Navy's modernization concept emphasizing cybersecurity integration from the initial design phase of ships and fleet systems, rather than retrofitting security capabilities after construction. Includes common architecture standards, continuous monitoring, and lifecycle security management.
- CMMC (Cybersecurity Maturity Model Certification): DoD's unified cybersecurity standard for defense contractors, requiring third-party assessment of cybersecurity practices. Level 2 (or higher) will be mandatory for contractors handling Controlled Unclassified Information (CUI) on Navy programs.
- NIST 800-171: National Institute of Standards and Technology special publication defining security requirements for protecting CUI in non-federal systems. Baseline compliance requirement for Navy cybersecurity contractors.
- SeaPort-NxG: Naval Sea Systems Command's multiple-award contract vehicle for engineering, technical, and programmatic support services, including cybersecurity integration for naval systems.
- RMF (Risk Management Framework): NIST 800-37 framework for integrating security and risk management into system development lifecycle. Required for all Navy information systems and increasingly applied to platform-level ship systems.
Intelligence Response
Cabrillo Signals War Room has already detected this budget signal and delivered this briefing within hours of the Navy official's statement. The platform continuously monitors DoD budget formulation activities, service-level investment priorities, and program office guidance to identify funding shifts before formal solicitations appear. For this event, the War Room correlated the Golden Fleet announcement with historical Navy cybersecurity spending patterns, identified the FY27 timeline, and flagged affected contract vehicles and NAICS codes.
Cabrillo Signals Match Engine should be configured to automatically rescore your opportunity pipeline based on this budget action. Any existing Navy opportunities in your pipeline tagged with cybersecurity, shipbuilding, or fleet modernization will be rescored for increased win probability. The Match Engine will also surface historical Navy cybersecurity contracts that may see follow-on competitions aligned with Golden Fleet requirements. Configure alerts for opportunities mentioning "Golden Fleet," "design-phase security," or "embedded cybersecurity" in statement of work language.
Cabrillo Signals Intelligence Hub enables saved searches across SAM.gov for the eight affected NAICS codes, filtered by Department of the Navy and the five contract vehicles listed above. Set alerts for pre-solicitation notices, sources sought, and RFIs containing keywords: "fleet cybersecurity," "Golden Fleet," "shipboard cybersecurity," "maritime cyber," and "NAVSEA cybersecurity." The Intelligence Hub will notify you within 15 minutes of any matching solicitation appearing in the federal procurement system.
Proposal Studio (Proposal OS) should be updated with Golden Fleet-specific win themes and compliance matrices. Load NIST 800-171, CMMC Level 2, and RMF requirements into your compliance library. Build proposal templates that emphasize design-phase integration, shipbuilding collaboration experience, and maritime environment expertise. The AI-powered win theme library should include past performance examples demonstrating cybersecurity integration in complex engineering programs.
Proposal Studio Workflow Tracker should be configured for accelerated capture timelines. When Navy RFIs appear in Q3 FY25, your 9-gate capture process must compress gates 1-4 (opportunity identification through solution design) into 30-45 days to influence requirements. Set automated compliance routing for CMMC and ITAR documentation, ensuring your teaming agreements and subcontractor flow-downs are audit-ready before solicitation release.
Systems to Configure
- Cabrillo Signals War Room: Already monitoring Navy budget formulation and Golden Fleet program office announcements; no additional configuration required.
- Cabrillo Signals Match Engine: Rescore existing Navy cybersecurity opportunities; enable auto-alerts for new opportunities mentioning Golden Fleet or design-phase security.
- Cabrillo Signals Intelligence Hub: Create saved searches for 8 NAICS codes + Department of the Navy + 5 contract vehicles; keyword alerts for "Golden Fleet," "fleet cybersecurity," "shipboard cyber."
- Proposal Studio (Proposal OS): Update win theme library with Golden Fleet integration examples; load CMMC/NIST 800-171 compliance matrices; create shipbuilding collaboration templates.
- Proposal Studio Workflow Tracker: Configure accelerated capture gates for Q3 FY25 RFI response; set automated CMMC/ITAR compliance routing.
Notification Chain
- Capture Managers — Must begin shaping activities with NAVSEA program offices immediately; attend Navy cybersecurity working groups in Q2 FY25.
- Business Development Directors — Identify teaming partners with shipbuilding prime positions and Golden Fleet program access; assess build-vs-partner decisions for ship integration capability.
- Proposal Directors — Prepare RFI response templates and past performance packages emphasizing design-phase security integration; timeline is Q3 FY25.
- Compliance Officers — Validate current CMMC certification status and NIST 800-171 compliance; identify gaps that could disqualify the company from Golden Fleet competitions.
- Technical Directors — Assess current cybersecurity solutions for maritime environment suitability; identify R&D investments needed to demonstrate Golden Fleet-compatible technology.
- Contracts/Pricing Teams — Model budget scenarios for FY27 program starts; prepare cost volume templates for design-phase integration labor categories.
First 48-Hour Playbook
- Hour 0-4: Capture managers notify NAVSEA program office contacts of interest in Golden Fleet cybersecurity; request briefings on upcoming market research activities. Business development pulls all active Navy cybersecurity contracts from CRM and flags for Golden Fleet alignment assessment.
- Hour 4-12: Compliance officer audits CMMC and NIST 800-171 status; identifies any gaps requiring immediate remediation. Technical directors review current cybersecurity product portfolio for maritime environment compatibility; flag solutions requiring hardening or redesign.
- Hour 12-24: Business development identifies 3-5 potential teaming partners with shipbuilding primes or NAVSEA engineering contracts; initiate outreach conversations. Proposal director pulls past performance examples demonstrating design-phase integration and loads into Proposal Studio win theme library.
- Hour 24-48: Capture managers draft one-page Golden Fleet capability statement for distribution to NAVSEA program offices and shipbuilding primes. Schedule internal strategy session for week 2 to finalize shaping strategy, teaming approach, and investment decisions for Golden Fleet positioning.
