OMB M-26-10: What It Requires & Why Most Agencies Aren't Ready

SOLUTIONS ▾

PARTNERS ▾

COMPANY ▾

BLOG ▾

CONTACT▾

BluLogix

Revolutionizing B2B Monetization

Here is a question worth sitting with: if your agency experienced its largest cloud and AI usage event of the year this month, a major service launch, a filing deadline, a policy announcement that drove ten times normal traffic, could you produce a bureau-level cost attribution report, reconciled against current appropriations, before your next OMB submission is due?

If the answer is no, or if it would take weeks of manual work to get there, that is exactly the gap OMB M-26-10 is designed to surface.

Issued on March 31, 2026 by OMB Director Russell Vought, M-26-10 is not a surprise audit exercise. It is OMB’s formal acknowledgment that the federal government has built decades of procurement infrastructure with almost no consumption intelligence to go alongside it. Agencies know what they contracted for. Most have very little reliable visibility into what they are actually using, what it is costing by bureau and program, and whether they are getting defensible value from it.

M-26-10 is the first formal mandate to close that gap.

What the mandate actually requires

M-26-10 has two operative sections, and it helps to understand them separately.

Section 1 requires all 24 CFO Act civilian agencies to report IT contracts to OMB monthly, beginning May 2026. The top-level CIO signs off on every submission. This is a named, personal reporting obligation, not something that can be quietly delegated. Six monthly reports are due through October 2026, with the possibility of extension.

Section 2 is broader and more permanent. Effective immediately, agencies must collect utilization rates and pricing data from all current IT vendors (hardware, software, services, and resellers), compile it in machine-readable, open-standard formats, and share it with OMB and GSA on demand. This is not a one-time data call. It is a structural change to how agencies manage IT acquisition data going forward.

Together, the two sections create a compliance challenge that is less about reporting and more about infrastructure. Most agencies do not have a centralized system that ties IT service consumption to cost centers, normalizes data across vendors, and produces machine-readable outputs on a monthly cycle. Building that capability is what M-26-10 is actually asking for.

Why this is harder than it looks

The financial models that federal agencies operate were engineered for a fixed-cost, predictable world: annual server contracts, per-seat software licenses, stable headcount. They were not designed for variable cloud consumption, AI workloads that scale with mission demand, or SaaS portfolios that sprawl across bureaus without central tracking.

The result is a structural gap, not an operational one. It cannot be closed by working harder or adding staff. It requires a different kind of data infrastructure: one that ingests consumption data from any vendor, normalizes it across systems, and produces bureau-level, audit-ready outputs automatically.

That is a meaningful undertaking. But it is also a manageable one, if agencies start with the right sequence. The FinOps community has a useful framework for this: showback first, then chargeback. See what is being consumed before you try to bill for it. Build the data foundation before you build the policy. M-26-10 is, at its core, forcing agencies to begin that sequence

What comes next

M-26-10 has a formal sunset in October 2026. Agencies that treat that as a finish line are misreading the signal. OMB will spend those six months collecting data on which agencies can produce clean, defensible IT cost reports and which cannot. The agencies that struggle in this phase will become the primary targets for more stringent requirements in the next.

FITARA followed a similar arc. So did FedRAMP. OMB mandates rarely stop at Phase 1.

The tension is real and widely recognized. Federal IT and finance teams are not unaware of the infrastructure gap M-26-10 is surfacing. What most are looking for are practical approaches that start with what is achievable now and build toward the financial operating model that the next five years of federal IT governance will require.

If you are trying to figure out where your agency stands, that diagnostic question at the top of this post is still the right place to start.

Dave Mink is Director of Public Sector at SOFTRAX + BluLogix, the financial operating system for federal IT spend. SOFTRAX sits between your operational platforms and your ERP, ingesting consumption data from any vendor, normalizing it, and producing the bureau-level, audit-ready outputs that M-26-10 requires. Learn more at softrax.com/federal.

Learn how SOFTRAX + BluLogix helps state IT organizations track and recover cloud and AI spending.

Learn more

What OMB M-26-10 Actually Requires, and Why Most Agencies Aren’t Ready

Why AI Products Leak More Revenue Than Traditional SaaS and How to Stop It in 2026

From Reactive to Real-Time: How AI Is Transforming Revenue Intelligence for Subscription Businesses in 2026

When the Bill Arrives, the Problem Has Already Happened: State Government Cloud Allocation and the Spike Problem

Your IT Fund Has a Leak You Can’t See Yet: How State Government Cloud and AI Billing Creates Hidden Revenue Loss

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Usage Billing