House appropriators cut CISA below Trump’s request
The House is not just trimming CISA; it is narrowing the agency while still handing it new technical homework.
TL;DR
The House Appropriations Committee advanced the fiscal 2027 Department of Homeland Security spending bill 34-27, cutting the Cybersecurity and Infrastructure Security Agency by $252.7 million to $2.35 billion, Inside Cybersecurity reports. That is $118 million below the Trump administration’s request. Contractors and agencies still get directives on agentic AI identity security, Software Bills of Materials and post-quantum cryptography, which makes the bill’s message fairly clear: less CISA, but not less dependence on CISA.
The useful number is not the $252.7 million cut. It is the extra $118 million. House appropriators did not merely accept the Trump administration’s proposed reduction for the Cybersecurity and Infrastructure Security Agency. They moved below it, advancing a fiscal 2027 Department of Homeland Security bill that would fund CISA at $2.35 billion after a 34-27 committee vote, according to Inside Cybersecurity.
That matters because the bill is not written as a retreat from federal cyber direction. The report still tells CISA to work with the National Institute of Standards and Technology on guidance for civilian agencies on identity security and access management for agentic AI systems. It directs $10 million from Continuous Diagnostics and Mitigation toward implementing and expanding a Software Bill of Materials capability for software. It also points $8 million at post-quantum cryptography work tied to cryptographic inventory risks and CDM Dashboard reporting, beginning with a pilot.
So the posture is not “CISA should stop doing cyber policy.” It is “CISA should do a narrower version of cyber policy with less money, fewer tolerated sidelines and a more explicit focus on federal networks, critical infrastructure and foreign-adversary threats.” Rep. Mark Amodei, chair of the House Appropriations Homeland Security subcommittee, said CISA had “strayed from the authority given to it by Congress” and described the bill as eliminating duplicative contracts and positions while investing in personnel and programs to counter threats from China and other nation-state adversaries. Ranking Democrats read the same bill differently: Rep. Rosa DeLauro framed it as cutting cybersecurity while increasing immigration enforcement funding.
For contractors, the immediate effect is not a new clause to flow down on Monday. The practical risk is upstream. CISA’s guidance, grantmaking, shared services and coordination work are part of the operating environment for primes, civilian agencies and defense-industrial-base suppliers trying to read where federal cyber requirements are going. AI-enabled assessment tools, SBOM expansion and post-quantum cryptography inventory are not abstract policy hobbies. They are the scaffolding that later shows up in procurement expectations, assessment questionnaires and agency-specific implementation plans.
The Senate now decides whether this is a House bargaining position or the start of a broader reset. If the funding comes back, contractors can treat the markup as a warning shot. If it does not, the interesting compliance problem will be watching CISA keep writing the map while Congress removes part of the road crew.
Published ·Deep Fathom