The fiscal 2026 National Defense Authorization Act (NDAA) introduces significant cybersecurity measures for the Defense Department. It mandates that senior leaders must use secure mobile phones that meet specific cybersecurity standards, including data encryption. This move comes in light of recent scrutiny, particularly following the Signalgate incident involving Defense Secretary Pete Hegseth. The bill also enhances cybersecurity training for military personnel and civilian employees, focusing on the challenges posed by artificial intelligence. Mental health support is another key component. The Defense Department must ensure that behavioral health specialists with the necessary security clearances are available at U.S. Cyber Command and the Cyber Mission Force. This reflects a growing acknowledgment of the mental health needs within cybersecurity roles, which have been highlighted in past defense bills. The bill also addresses the structure of Cyber Command and the National Security Agency, preventing any funding from being used to weaken the authority of the Cyber Command Commander. For defense contractors, the legislation aims to streamline cybersecurity requirements to avoid confusion and redundancy across various contracts. Lastly, it establishes a policy against the misuse of commercial spyware, particularly concerning journalists and human rights activists, while emphasizing collaboration with allies to curb such abuses. While these policy statements lack legal force, they signal a strong intent among lawmakers on these issues.