It's less about budget and more about we're not the DoD and can do whatever we please, stay the hell off our lawn.
Even if it was a "hey, could you look at this and tell us what you think" with no obligation to address issues, it is undesirable to establish a precedence.
They do use standards and recommendations from NSA/OMB for enterprise systems. But even the US Courts went that route, just with a lot of renaming of things so it can't be seen as being subservient to the Executive branch. There are some good frameworks and standards that you shouldn't waste time re-implementing.
Plus there is a reason you secure and compartmentalize information. The NSA may be comprised in some way, and giving them access means that deliberately or accidentally leak something vital.
Same idea in reverse with the CIA -- maybe someone in the CIA is a bad actor and now knows the secret 0-days the NSA is using -- because they're busy locking them down -- and those get leaked.
Even if it was a "hey, could you look at this and tell us what you think" with no obligation to address issues, it is undesirable to establish a precedence.
They do use standards and recommendations from NSA/OMB for enterprise systems. But even the US Courts went that route, just with a lot of renaming of things so it can't be seen as being subservient to the Executive branch. There are some good frameworks and standards that you shouldn't waste time re-implementing.