CISA and OMB announce a multi-year program to consolidate 47 individual agency Security Operations Centers into 12 shared SOC service centers, requiring significant workforce transition planning.
CISA and OMB jointly announced the Federal SOC Consolidation Program, a multi-year initiative to consolidate 47 individual agency Security Operations Centers into 12 shared SOC service centers operating under a unified operational model. The program aims to improve threat detection quality while reducing the total cost of federal SOC operations by an estimated 34 percent.
The consolidation addresses a fundamental problem in the current federated SOC model: most individual agency SOCs lack the scale to maintain 24/7 operations with the specialized expertise required to detect and respond to sophisticated nation-state threats. The 47 SOCs being consolidated include several that operate with fewer than 5 full-time analysts.
The 12 shared SOC centers will be operated by a combination of CISA-managed facilities and agency-operated centers that meet minimum staffing, technology, and capability standards. Each shared SOC will cover between 3 and 7 agencies based on mission similarity, classification level, and geographic proximity.
The workforce transition represents the program's most complex challenge. An estimated 1,400 SOC analysts will transition from agency-specific roles to shared SOC positions with broader scope and more sophisticated tooling. CISA has committed to a 24-month reskilling program for affected personnel.
GovAcademy's Security Operations Center for Agencies course (GA-031) — a 36-hour Advanced course covering SIEM architecture, threat hunting, SOAR playbooks, and CDM program integration — has been designated as a core training requirement for analysts transitioning into the consolidated SOC model.
The Cyber Tabletop Exercise Facilitator course (GA-039) is designated for senior analysts who will lead the interagency tabletop exercises that the consolidated SOCs must conduct quarterly.
The consolidation program is projected to save approximately $840 million over five years while reducing average threat detection time from 18 days to a target of 4 hours.