CCN Next Gen Isn’t a Simple Recompete — The Cybersecurity Gap Your Teaming Strategy Needs to Close

The National Institute of Standards and Technology (NIST) is finalizing the first federal control requirements specifically for artificial intelligence (AI) systems. When published, those controls will govern every AI function deployed inside a CCN Next Gen contract. Initial public drafts are targeted for Q3 FY2026, the same window in which proposals are being shaped and teaming decisions are being made.

Most prime contractors pursuing the Department of Veterans Affairs’ (VA) Community Care Network Next Generation (CCN Next Gen) have not built this into their strategy. That gap will show up in their technical approach.

CCN Next Gen is a federal data infrastructure program at a scale most commercial managed care organizations have never operated. It manages care access for roughly 9 million veterans through a network of hundreds of thousands of community providers, with Interconnection Security Agreements (ISAs), electronic health and claims data exchanges, and a care coordination architecture that already incorporates AI-assisted decision support. The security obligations that come with it are not commercial-grade, and they are materially different from those of its predecessor.

The AI Governance Controls Are Already Being Written

NIST is actively developing the SP 800-53 Control Overlays for Securing AI Systems (COSAiS). The series covers every AI layer that will appear inside a contract of this scope: predictive AI, generative AI, and agentic systems, both single-agent and multi-agent. Initial public drafts are expected this summer.

COSAiS is not a voluntary framework. It is built on SP 800-53 control overlays, the same control structure that governs the federal civilian, defense, and intelligence communities, and the Federal Risk and Authorization Management Program (FedRAMP). When it matures, penetration testing, continuous monitoring, boundary protection, and impact analysis become required controls for AI-supported systems operating in federal health environments, tailored by AI layer and lifecycle stage.

The NIST Artificial Intelligence Risk Management Framework (AI RMF), already the alignment expectation for responsible federal AI deployment, goes further. Its guidance on managing misuse risk explicitly names red-teaming as a formal practice, specifically testing AI safeguards to assess whether threat actors can bypass the protections built into deployed models. AI systems trained to reject harmful queries may comply when an adversary reframes the request. The safeguards are brittle, and the only way to know how brittle they are is to test them under offensive, adversarial conditions.

AI systems also carry a fundamentally different attack surface than traditional enterprise IT systems. Model poisoning, evasion attacks, and data extraction attacks against model architecture and training data are the specific threats COSAiS is designed to address. Standard security testing does not cover them. AI-specific testing procedures and AI red-teaming do.

Primes with an AI governance plan already aligned to NIST AI RMF and COSAiS will be a generation ahead of a mandate most of the field has yet to consider. Those without one will be retrofitting governance onto deployed systems under contract scrutiny.

This Is Not the Same Contract

The original CCN operated under a FedRAMP Moderate baseline. CCN Next Gen explicitly requires FedRAMP High for cloud systems handling Health Care Delivery (HCD) data. VA has categorized that data at the Federal Information Security Modernization Act (FISMA) High level, meaning a breach would have severe or catastrophic consequences for the veterans whose records it contains.

The difference between Moderate and High goes beyond control counts. Moderate carries 325 controls. High carries 421. More significantly, many of the controls shared between the two levels have more stringent parameters at High. Incident response windows tighten, continuous monitoring becomes more intensive, and configuration management requirements grow more rigorous. Organizations that have operated comfortably at Moderate will find the High counterparts of familiar controls considerably more demanding to implement, document, and sustain.

Most commercial managed care organizations have never operated in a FedRAMP High environment. Their security programs were built for Moderate. Closing that gap requires the right expertise on the team from the start.

The security surface has also expanded structurally. CCN Next Gen introduces capabilities that did not exist in the original contract: appointment scheduling, comprehensive care coordination, and a central medical documentation processing system. Each creates new data flows, new system interconnections, and new ISA obligations. The contract now includes a Data Access Services (DAS) Interface Control Document as a formal contractual attachment rather than a referenced standard. The technology architecture is shifting from batch eligibility exchanges to real-time Fast Healthcare Interoperability Resources (FHIR)-based interoperability, a more capable standard that also carries a significantly broader attack surface.

Before a contractor can initiate Health Care Delivery at any VA facility, VA requires explicit validation of cybersecurity compliance at that station. That validation runs across the entire network, facility by facility, throughout implementation.

The Technology section of the Contractor Manual is currently marked Reserved. That is not an oversight. Additional technology and security requirements will be defined through task orders as the contract matures. A team without embedded security expertise will be reacting to those requirements rather than shaping responses to them.

The Capability Gap

Federal-scale healthcare primes are built for network management, claims adjudication, provider relations, and clinical operations. Those strengths are real, and they are competitive on a contract like CCN. What most are not built for:

  • Zero Trust Architecture (ZTA) advisory and implementation at the classification level and data sensitivity that VA interconnections require
  • AI red teaming for care coordination, utilization review, and decision-support systems, a practice NIST explicitly recognizes in the AI RMF for measuring whether safeguards hold under adversarial conditions
  • Development, Security, and Operations (DevSecOps) pipelines built and validated in high-stakes federal security environments, not adapted from commercial practice after the fact
  • AI governance program development aligned to NIST AI RMF and COSAiS before those frameworks become contractual requirements

These capabilities do not get staffed reactively after the award. They belong in the technical approach, on the org chart, and in the past performance matrix before the proposal drops.

The SDVOSB Dimension

Traverge is certified by the Small Business Administration (SBA) as a Service-Disabled Veteran-Owned Small Business (SDVOSB).

It matters for two reasons.

The first is mechanical. Primes have small business subcontracting obligations, and an SDVOSB capable of carrying real technical scope in federal cybersecurity, DevSecOps, offensive security, and AI governance is a different kind of asset than a placeholder sub.

The second is harder to put in a spreadsheet. This contract serves veterans. The systems securing the delivery of their care should include people who have lived the mission. Our team has supported US Special Operations Command (US SOCOM), United States Space Force, Air Force Global Strike Command, and Defense Health Agency (DHA) before bringing that same standard to veteran healthcare.

We did not come to federal cybersecurity through healthcare. We came through the most demanding operational environments in the US Government. That is a different foundation.

A Direct Note to Primes

Traverge is actively pursuing teaming and subcontracting conversations with prime contractors on both the East and West lots of CCN Next Gen.

If your team needs federal cybersecurity, Zero Trust Architecture, penetration testing, red team exercises, AI red teaming, DevSecOps, or AI governance capabilities, and you want an SDVOSB partner who can deliver real scope, let’s talk before proposals lock.

Traverge, LLC is an SBA-certified Service-Disabled Veteran-Owned Small Business headquartered in Jacksonville, FL. We provide federal cybersecurity consulting, Zero Trust Architecture, DevSecOps, offensive security, and AI governance services to the defense, federal, and intelligence communities.

Jonathan Riddle, Founder & Principal

About the Author

Jonathan Riddle

Founder & Principal, Traverge LLC

CISSP | CISA | CCSK | FedRAMP-Certified Lead Assessor

Jonathan Riddle is a U.S. Army veteran (82nd Airborne Division), cybersecurity executive, and the founder of Traverge. With over 20 years in federal cybersecurity, he has been on both sides of the compliance table, from building 3PAO assessment organizations and leading consulting teams through FedRAMP and DoD authorizations to engineering the cloud infrastructure for federal compliance.