HUMAN, FBI, and Partners Take Action Against BADBOX 2.0

On June 5th, 2025, the Federal Bureau of Investigation issued Public Service Announcement I-060525, detailing how cybercriminals are exploiting compromised Internet-of-Things devices to expand the BADBOX 2.0 botnet and residential-proxy infrastructure.

The goal of this announcement is consumer education: if you buy one of these bargain devices, you may be handing criminals the keys to your home network. You wouldn’t help someone rob a store—are you willing to let bad actors steal bandwidth, launder traffic, and commit fraud in your name?

HUMAN is honored to have contributed intelligence to this alert alongside Google, Trend Micro, and the Shadowserver Foundation, further validating the findings our Satori Threat Intelligence & Research Team published in March 2025.


Collaboration is the decisive advantage in modern cyber defense. From the first indicators uncovered in our labs, we worked shoulder-to-shoulder with platform operators, cloud providers, and law enforcement partners, sharing data in real time and coordinating disruption actions. Google’s enforcement across Google Play Protect has already blocked malicious apps and cut off monetization avenues for the actors behind BADBOX 2.0.

I also want to extend a special thank you to The Shadowserver Foundation for sinkholing key BADBOX 2.0 command-and-control domains. As a result of their swift action, over a million infected devices now beacon to Shadowserver-managed infrastructure instead of criminal servers, stripping the threat actor of a substantial portion of its botnet. A live view of that global neutralization is available on Shadowserver’s public dashboard.

This investigation is very much ongoing. The adversaries responsible for BADBOX 2.0 have shown they will iterate quickly, shifting infrastructure and re-seeding supply chains when pressured. HUMAN researchers will continue to hunt for new variants, share indicators with the FBI and our industry peers, and deploy fresh detections across the Human Defense Platform to protect customers worldwide.

In the meantime, we urge manufacturers, retailers, and consumers to follow the mitigation guidance in the FBI PSA: purchase devices from reputable vendors, keep firmware up to date, monitor network traffic for anomalies, and avoid unofficial app stores. If you suspect a device on your network is compromised, disconnect it immediately and file a report at ic3.gov.

I want to personally thank every partner who leaned in—especially our colleagues at Google—for the openness, speed, and determination that made this collective defense possible. Together we are raising the cost of fraud and making the internet safer for everyone.

To learn more about securing your network and data against bad actors and malware strategies like BADBOX 2.0, visit HUMAN Security’s brief on human defense in the Public Sector. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Comprehensive Identity Security: 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification

As cybersecurity demands increase across all levels of Government, 1Kosmos’s credential service provider (CSP) platform represents a shift in how agencies approach identity verification and authentication. Rather than forcing agencies into rigid, one-size-fits-all solutions, the platform offers unprecedented flexibility through its modular architecture. Organizations can deploy everything from simple document capture for in-person verification to comprehensive digital identity wallets that put end-users in complete control of their personal information.

This adaptability proves crucial for Government agencies with diverse operational requirements. Some organizations need only Identity Assurance Level 2 (IAL2) workflow integration with existing identity providers like Okta or Microsoft, while others require the full spectrum of identity verification, digital wallet creation and Authenticator Assurance Level 2 (AAL2) authentication capabilities. The platform’s ability to scale from basic document verification to complete identity lifecycle management ensures agencies can start with their immediate needs and expand functionality as requirements evolve.

The Power of Dual Certification

As the only CSP to achieve both FedRAMP High authorization and Kantara certification, 1Kosmos has established itself as the definitive solution for Government agencies seeking uncompromising identity security. This dual certification creates a security foundation unmatched in the identity verification space and works in concert to address both the “what” and “how” of secure digital identity management. Kantara certification, based on National Institute of Standards and Technology (NIST) 800-63-3 digital identity guidelines, validates that the platform operates according to the gold standard for identity verification processes and procedures.

FedRAMP High authorization takes security to the next level, implementing over 400 security controls based on NIST 800-53 standards. This represents the most stringent civilian agency security requirements available, with only 20 additional controls separating High from IL4 defense-level certification. The comprehensive nature of these controls means agencies receive verified, not just claimed, security hardening that has undergone rigorous third-party assessment.

This dual certification approach provides Government buyers with unprecedented assurance. While other solutions may meet basic compliance requirements, 1Kosmos offers the most verified hardening available in the market. For agencies navigating complex procurement requirements across Federal, State and Local levels, this certification combination simplifies vendor evaluation and reduces compliance risk. The FedRAMP High baseline ensures smooth flow-down compliance for State and Local implementations, eliminating the complexity of multiple security assessments.

Security and Privacy by Design

True security extends far beyond meeting regulatory checkboxes, and 1Kosmos has embedded privacy and security principles into every aspect of the platform’s architecture. The decision to pursue FedRAMP High from the outset reflects a commitment to protecting what 1Kosmos considers the highest-value data in existence: end-user personally identifiable information (PII).


Every piece of data within the 1Kosmos environment undergoes Federal Information Processing Standards (FIPS) 140-3 encryption both in transit and at rest. This is not merely a compliance requirement—it is a recognition that Government agencies entrust identity platforms with irreplaceable citizen information. The platform employs a unique double-encryption approach for digital wallets, where identity evidence receives initial encryption before being secured again within the user’s wallet, with encryption keys remaining under end-user control exclusively.

The platform operates on a privacy-first data retention philosophy. By default, the system processes identity data, stores only what is necessary for wallet creation and immediately deletes excess information. This approach ensures that data remains in the system only as long as operationally required, with automatic deletion on specified retention dates. The platform’s architecture makes it impossible for 1Kosmos or their customers to access end-user wallet data without explicit user consent, creating true user sovereignty over personal information.

What is More Valuable Than Identity?

The question of data value reveals why identity security demands such rigorous protection. In commercial contexts, student records command higher dark web prices than credit card or healthcare information due to the extended window before detection—students typically do not monitor credit for years after graduation. This extended vulnerability period makes educational identity data particularly attractive to cybercriminals and highlights why robust identity verification is essential across all Government sectors.

Government agencies face even higher stakes. Beyond financial fraud, identity compromise can affect national security, citizen services and public trust. The 1Kosmos platform addresses these concerns through continuous security monitoring and automated threat detection capabilities that immediately alert administrators to potential security issues. This proactive approach, combined with comprehensive logging and audit capabilities, ensures agencies maintain complete visibility into their identity security posture.

The platform’s global deployment success stories demonstrate scalability and reliability under real-world conditions. One global business process outsourcing company successfully transitioned half their worldwide user base to 1Kosmos authentication within just two months, showcasing the platform’s ability to handle massive-scale implementations without compromising security or performance.

Building the Future of Government Identity Security

As Government agencies accelerate digital transformation initiatives, the need for trustworthy, scalable identity solutions becomes increasingly critical. The 1Kosmos platform provides the security foundation necessary for agencies to confidently expand digital services while maintaining the highest protection standards for citizen data. With plans to extend certification to IL4 levels for defense customers, 1Kosmos continues pushing the boundaries of what is possible in Government identity security.

Learn more about how 1Kosmos can transform your agency’s identity security posture by exploring their comprehensive platform capabilities and certification achievements.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including 1Kosmos, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Becker’s Healthcare Online 2025: Top 5 Insights on Sustainability, Efficiency and Security in Patient Care 

At the 15th annual meeting of Becker’s Healthcare, providers and industry leaders gathered to discuss the latest in Health IT. Sessions explored intellectual capital, cybersecurity, logistics and technology, such as artificial intelligence (AI).  

Carahsoft and its partners, such as Oracle, Bamboo Health, Innovaccer, Laserfiche, Smart Communications, Wolters Kluwer and more, attended Becker’s to connect healthcare systems with the latest technology.  

Becker’s Healthcare conference featured five key themes for attendees to learn about. 

Expanding Patient Care Through Automation 

Speakers from Baptist Health discussed patient care amidst high demand in the session “Empowering Healthcare Teams: Baptist Health’s Journey to Efficiency.” As the Baptist Health Healthsystem began examining inpatient flows, they tracked all components of the patient’s experience. The influx of patients exposed existing weaknesses, such as fragmented operations, low visibility and discharging delays, resulting in lost revenue and overall inability to meet patient demand. In response, Baptist Health opened a command center to centralize its logistics, proactively taking steps to increase reliability and predictability. Viewing all components of a patient’s stay, from the moment patients entered to being fully discharged, as well as the time spent cleaning the room, enabled them to find and remove bottlenecks that prevented the efficient transfer of patients. Baptist Health also began automating workflows to expedite processes. Automated texts would be pushed to providers when patients were not moved, allowing providers to know where they were needed. These changes resulted in a 6% increase in overall admissions and a 50% increase in on time or early discharges by 11am, which helped free up beds, increasing overall capacity and revenue.  

Patient-Centered Sustainability 

In the session “The Future of Patient-Centered Care: Strategies for Sustainable Healthcare,” Fariha Siddiquie, the Director of Healthcare Services at The Kaleidoscope Group, emphasized that patients are the center of healthcare. When crafting a positive customer experience, healthcare systems should take a holistic approach to the patient’s journey. 

Healthcare systems can foster a positive experience by:  

  • Utilizing front desk staff to create positive experiences as soon as patients enter the facility 
  • Providing a comfortable experience in the waiting room 
  • Removing technical jargon to help patients and their support system understand billing, procedures and treatments 
  • Preventing and slowing the spread of diseases through community outreach 

Meeting patients and their support systems at their level contributes to patients feeling safe and welcome. While providers are not fully responsible for the experience a patient has at a healthcare center, they shoulder the most responsibility. Healthcare systems can help alleviate this responsibility by fostering a culture of empathy between employer and provider, which will ultimately extend to provider and patient. Focusing on the patient’s experience will ensure satisfaction in all aspects of patient care. 

To meet all of a patient’s needs, providers should consider how different backgrounds, such as geographical location and age, factor into care needs. With technology, certain features, such as specific fonts or options to connect to a help desk, boost accessibility. When these features are not included, the technology that has already been invested in will be ineffective. By committing to a strategic plan that impacts day-to-day workflow, healthcare systems can ensure a more welcoming, fostering environment for patients.

Choosing the Right Technology for Your Healthcare Systems  

As IT expenses continuously grow, healthcare systems must consider which technology to prioritize. In the session “From Friction to Flow: Advocating for Smarter, Safer Healthcare Systems,” panelists discussed how healthcare systems must consider whether replacing existing technology with new ones is cost effective. Before purchasing, healthcare systems should consider how the technology will be incorporated into the workplace, and whether staff will need to be trained to use the new technology. Talking to front line caregivers and other staff can illuminate what solutions and tools are needed for daily operations. The technology with the best return on investment is that which alleviates monotonous administrative tasks and uplifts providers, who face potential burnout from the administrative tasks placed on top of their job. Once the technology is in place, healthcare systems should measure the outcomes of technology and gather and listen to feedback from end users. While technology helps processes, it cannot automatically solve problems. Rather, technology is best utilized when aiding providers and expediting work processes, allowing clinicians to focus on patient care. 

Preventing Data Breaches in Healthcare  

In the session “Doing the Inevitable: How Health Systems Are Stopping Data Breaches,” speakers from various institutions discussed the daily phishing breach attempts that healthcare systems face. Phishing attacks are insidious as they are impossible to fully prevent. Threat actors are getting more sophisticated with social engineering, using AI to impersonate leadership over the phone, or even on video calls. While security solutions, such as multi-factor authentication, are important to preventing breaches, there are use cases where they are not applicable, such as emergency situations in the operating room.

Phishing breaches should be treated as a “when,” not an “if”; systems must proactively prepare for data breaches. Attacks can force an area or unit to go offline, so a response strategy can help operations continue smoothly. Trainings that simulate breaches can demonstrate to leaders the full complexity of these attacks and what is at risk. Even breaches at agencies that are indirectly exposed to your network can be a hazard. To prevent phishing breaches, everyone from providers to clinical leadership must be knowledgeable about mitigating attacks.

Optimize Daily Operations with Artificial Intelligence  

In the session “AI in Healthcare: Big Ideas and Risks for the Next 5 Years,” speakers Dr. Chris Longhurst from UC San Diego Health, Dr. Mike Phepher from Stanford, the Chief Data Officer from CommonSpirit Health and Mohan, the Founder and CEO of LeanTaaS, discussed the variety of AI projects that have been tested in healthcare systems to aid with operational processes. With the onboarding of secure AI portals, healthcare systems enable staff to experiment and learn how to use the new technology.

They have found that AI can aid daily procedures in numerous areas, such as: 

Operational Tasks 

AI can help eliminate monotonous tasks that are not directly related to helping patients, such as with calls and removing duplicate insurance requests, empowering providers with more time with patients. 

Safety 

AI has helped predict which patients need palliation. This early identification has enabled symptom relief, disease prevention and reduced mortality rate. It has also democratized medical information, empowering patients and providers, as well as aided in eliminating misdiagnosis. 

Patient Empowerment 

AI has enabled patients to learn more about the care they receive. Tools such as large language models (LLMs) have helped providers craft response letters to patients, and electronic health record (EHR) integration aids in provider-patient communication by making medical information more accessible to patients.

When choosing the right AI platform for a healthcare system, the speakers recommend onboarding an AI model that is secure and sufficient for necessary procedures. A platform approach can help avoid siloing. Technology experts, such as VMWare, are constantly working to be at the forefront of AI initiatives and enablement, and Salesforce offers a variety of AI tools. Overall, AI can be used in many scenarios. Between aiding call centers and predicting illnesses, AI increases efficiency, optimizes processes and decreases costs. 

By maintaining security and investing in mission-supporting technologies, healthcare systems can support providers and offer the best care to patients. 

To learn more about technologies featured at Becker’s Healthcare Online, visit Carahsoft’s healthcare technology portfolio. 

The 10 Top Law Enforcement Events for Government in 2025 

This year is packed with must-attend events for Law Enforcement and Government professionals looking to stay ahead of the latest technology trends. 

Carahsoft’s Law Enforcement Technology Team gathered a list of the best events for law enforcement and Government officials to attend. These events offer valuable insights, hands-on learning and opportunities to explore cutting-edge solutions from our trusted vendor partners.

Here are the top events to watch for in 2025 and beyond. 

We look forward to connecting with you.

National Sheriff’s Association Annual Conference 

June 23-25 | Fort Lauderdale, FL | In-Person Event 

The National Sheriff’s Association (NSA) Annual Conference is the largest of its kind. It features a tradeshow displaying products and equipment relevant to every facet of police work, jails, prisoner transport and courtroom security. This four-day event includes highly curated seminars and educational content covering cutting-edge subjects for Law Enforcement at all levels. 

Look out for NSA’s seminar schedules, estimated to have 70 different sessions covering 11 different tracks. 

Carahsoft will have a booth at this event, where several of our vendor partners—Cellebrite, Check Point and AchieveIt—will be demoing their solutions and sharing their educational content. We will also be hosting a networking reception from 6:30-8:30 pm with several of our vendor partners, welcoming conference attendees for food, drinks, networking, and more!

Florida Sheriffs Association Summer Conference 

July 27-30 | ChampionsGate, FL | In-Person Event 

The Sheriffs Summer Conference, usually held in central or south Florida, is the largest event of the year, providing participants with continuing education opportunities, networking, sharing of best practices, association news, award recognition and important updates in the field of Law Enforcement. 

Attendees should look for sessions that cover legal affairs and Law Enforcement technology. 

Carahsoft will be exhibiting at this event, and we’re excited to welcome you to join us to learn about our leading Law Enforcement technology vendor partners. 

National Homeland Security Conference 

August 25-28 | Washington, D.C. | In-Person Event

The National Homeland Security Conference brings together professionals in Homeland Security, Law Enforcement and Fire and Emergency Management. Including officials in Federal agencies, nonprofit agencies, business owners, universities and decision makers, attendees will learn about emerging trends in homeland security and see the new equipment and technology available to support their mission. 

Carahsoft maintains strategic partnerships with Mark43, Cellebrite, Magnet Forensics and AWS. These collaborations enable Carahsoft to offer a comprehensive range of law enforcement technology and services to the public sector. By leveraging the strengths of these industry giants, Carahsoft ensures that law enforcement agencies have access to cutting-edge technology for enhanced security solutions. For more information, visit Law Enforcement Technology Providers | Carahsoft. 

Major County Sheriffs of America 2025 Annual Conference  

September 22-24 | Dallas, TX | In-Person Event

As a professional association representing the largest Sheriff’s offices in the United States, the MCSA is dedicated to promoting a greater understanding of Law Enforcement strategies. Working alongside corporate partners and Public Sector agencies, the MCSA aims to advance legislation to enhance the safety of the community. 

As a proud Sergeant-level partner, Carahsoft will be attending this conference to learn, collaborate and network with the Law Enforcement community. 

IACP Annual Conference 

October 18-21 | Denver, CO | In-Person Event 

The IACP Annual Conference is a leading event for Law Enforcement executives, featuring in-depth educational sessions on critical topics such as leadership, policy development and community relations. It also includes an extensive exhibit hall showcasing advanced technologies and solutions, drawing thousands of police chiefs, commanders and public safety professionals from around the world for training, networking and collaboration on modern policing challenges. 

Carahsoft is thrilled to be exhibiting at IACP Annual Conference. Be sure to stop by our booth to see live demos from our vendor partners as they showcase how their technology is helping Law Enforcement today. 

2026 Law Enforcement Innovation Summit 

This annual event, hosted by Carahsoft, unites relevant vendors, partners and Law Enforcement customers for a day of panels, speaking sessions and networking.  Attendees learn about an array of Law Enforcement and cybersecurity related topics, including legislative updates concerning grant funding in the field, how to maximize technology in a privacy-conscious society, the modernization of Law Enforcement technology surrounding forensic investigations and the cloud, tips for collaboration and information sharing among the industry and the current cybercrime landscape.  

In 2026, the Law Enforcement Innovation Summit will convene professionals from across the law enforcement community for a day of insightful panels, expert-led sessions and valuable networking opportunities. A central focus will be the evolving role of AI in law enforcement—balancing innovation with caution as agencies address the risks, responsibilities and the pressing need to stay ahead of a rapidly changing crime landscape. Visit our Law Enforcement website in 2026 for more information on this event! 

Homeland Security Week 

Leading experts from the Department of Homeland Security (DHS), the Department of Justice (DOJ) and the Law Enforcement industry will gather at Institute Defense Government Advancement’s 19th Homeland Security Week Summit in 2026 to address pressing security challenges. The event highlights advancements in artificial intelligence, cloud computing, cybersecurity, biometrics, border security, counter-unmanned aircraft systems, infrastructure resilience and local Law Enforcement strategies. Featuring keynote sessions, expert panels and networking opportunities, this summit enables attendees to connect with leaders shaping the future of homeland security.

Homeland Security Week provides a valuable opportunity to highlight leading law enforcement technology solutions and the innovative work of top industry partners. Visit our website to learn more about our law enforcement technology partners and Carahsoft’s 2026 involvement.

ISC West 

March 23-27, 2026 | Las Vegas, NV | In-Person Event 

The International Security Conference and Exposition (ISC West) is a security industry event focused on the latest advancements in physical security and cybersecurity technologies. The conference provides a platform for public safety and security professionals and industry leaders to network. With four days full of comprehensive sessions and product demonstrations, ISC West highlights emerging trends in drones and robotics, smart homes, cybersecurity and connected Internet of Things (IoT) and more in the fields of access control, video surveillance and integrated security solutions. 

Carahsoft looks forward to engaging and meeting with our law enforcement customers at ISC West in 2026. This event will feature a range of exhibitors showcasing innovative solutions and educational content from leading technology providers supporting the law enforcement community.  

Border Security Expo 2026 

May 5-6, 2026 | Phoenix, AZ | In-Person Event

This annual event unites Government officials, Law Enforcement and industry experts to explore cutting-edge technologies, policies and solutions for securing national borders and ensuring public safety. Designed specifically around the border community, this expo enables attendees to engage in critical discussions and address the challenges and advancements in border protection and security.  

The event will feature leading technology providers demonstrating their solutions and sharing educational content. For more information on how to get involved in Carahsoft Law Enforcement events, please visit our website.

IACP Tech 2026 

May 14-21, 2026 | Fort Worth, TX | In-Person Event 

The International Association of Chiefs of Police Technology Conference (IACP Tech) focuses on the integration and advancement of technology in Law Enforcement, offering specialized training and discussions on topics such as data management, cybersecurity and digital policing tools. This event brings together Law Enforcement leaders, IT professionals and technology experts, providing a platform for exploring the latest innovations and solutions that enhance police operations and public safety. 

The event will feature a range of exhibitors, including leading technology providers showcasing their solutions and presenting informative content to attendees. Carahsoft intends to exhibit at IACP Tech in 2026.  

Check out one more event: 

AFCEA LEAPS 

TBD | Washington, D.C. | In-Person Event

The AFCEA LEAPS Technology Forum is an event focused on advancing technology solutions for Law Enforcement, public safety and homeland security agencies. It brings together industry leaders, Government officials and technology experts to discuss emerging trends, innovative tools and strategies to enhance public safety operations. 

The event offers a valuable opportunity for connection between industry and Government, including dedicated networking sessions such as the Evening Reception.

By collaborating with other Public Sector agencies, thought leaders and industry and vendor partners to share the best practices and the latest safety solutions, Law Enforcement can improve its capabilities to combat cyberattacks, protect civilians and maintain national security. 

To learn more or get involved in any of the above events, please contact us at LawEnforcementMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading Law Enforcement technology partners’ events, visit our Law Enforcement solutions portfolio.

7 Reasons Why Trustwave’s FedRAMP Status is Key for U.S. Vendors

While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity.

Federal agencies handle sensitive data and demand the highest levels of security assurance.

This is where the Federal Risk and Authorization Management Program (FedRAMP) comes in, acting as the crucial gatekeeper for cloud services used by the Government.

For vendors looking to succeed in the Federal marketplace, partnering with or building upon services from a FedRAMP-authorized provider isn’t just helpful—it’s often essential.

Trustwave has achieved FedRAMP Authorization for its Government Fusion platform (delivering Managed Detection and Response (MDR) and Co-Managed SIEM/SOC services) which makes Trustwave an ideal partner for any U.S. Government vendor, and here’s why:

1. Instant Credibility: The FedRAMP Stamp of Approval

FedRAMP is the standardized, rigorous security framework mandatory for Federal agency cloud deployments. Achieving FedRAMP Authorization is a lengthy, complex and resource-intensive process, demonstrating an exceptional commitment to security.

  • Leveraging Trustwave’s FedRAMP-authorized platform instantly elevates your offering’s credibility. It signals to agencies that the underlying security meets the Government’s stringent standards and is vetted through an exhaustive process. Trustwave is notably the first pure-play MDR provider to achieve this status, adding further weight to its credentials.

2. Enhanced Trust and Credibility

Achieving FedRAMP authorization is no small feat. It involves a rigorous evaluation process that includes detailed security assessments and continuous monitoring. Trustwave’s compliance with these standards enhances its credibility and trustworthiness, making it a reliable partner for Government vendors who must adhere to strict security protocols.

3. Meeting Rigorous Federal Security Mandates

FedRAMP isn’t just a checkbox; it ensures robust, ongoing security. Authorization requires continuous monitoring, regular assessments and adherence to strict controls based on NIST standards.

  • Partnering with Trustwave assures agencies that your solution’s security components adhere to these high standards. Furthermore, Trustwave’s authorization, operating within AWS GovCloud and meeting “U.S. eyes only” requirements, directly supports vendors needing to comply with other critical mandates like the Cybersecurity Maturity Model Certification (CMMC) required for the Defense Industrial Base (DIB).

4. Access to a Wider Government Market

Simply put, FedRAMP authorization is often a non-negotiable requirement for Federal cloud contracts. Without it, market access is severely limited.

  • By partnering with Trustwave, you align your solution with a provider that has already unlocked the door to Federal agencies requiring FedRAMP compliance. This accomplishment expands your potential customer base significantly. Trustwave also holds GovRAMP authorization, potentially easing access to State and Local Government markets as well.

5. Leveraging Proven Cybersecurity Expertise

Trustwave’s FedRAMP authorization covers its Government Fusion platform, delivering critical Managed Detection and Response and Co-Managed SOC services operated by cleared U.S. personnel.

  • This means you’re not just getting compliance; you’re gaining the backing of a recognized leader in threat detection, response and managed security. Access to Trustwave’s expertise, including insights from their elite SpiderLabs team, strengthens your overall security posture and value proposition.

6. Continuous Monitoring and Improvement

FedRAMP requires continuous monitoring of security controls and regular updates to address emerging threats. Trustwave’s commitment to ongoing security improvements ensures that Government vendors benefit from the latest advancements in cybersecurity. This proactive approach helps mitigate risks and enhances the overall security posture of Government operations.

7. Support for Cloud Adoption

As Government agencies increasingly adopt cloud technologies, having a FedRAMP-authorized partner like Trustwave is invaluable. Trustwave’s expertise in cloud security helps Government vendors transition to the cloud securely, ensuring compliance with Federal regulations while leveraging the benefits of cloud computing.

In the competitive and security-conscious Federal marketplace, alignment with FedRAMP is critical. Trustwave’s FedRAMP Authorization achievement provides U.S. Government vendors with a powerful advantage.

Partnering with Trustwave offers enhanced credibility, accelerates procurement cycles, ensures compliance with stringent security mandates like FedRAMP and CMMC, broadens market access and leverages world-class cybersecurity services.

For vendors serious about succeeding in the U.S. Public Sector, Trustwave’s FedRAMP status makes them a perfect fit.

To learn more about why partnering with a FedRAMP authorized vendor like Trustwave Government Solutions can help your organization succeed in the Federal marketplace, please visit TGS.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Trustwave, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Accelerating The Healthcare AI Revolution: Reasoning Models and Data

The healthcare industry stands at the precipice of transformation. While artificial intelligence (AI) has been utilized in healthcare for decades, analyzing OMICS and supporting drug discovery, recent advancements in generative AI (GenAI) and reasoning models are redefining what’s possible, especially when connected to private data. This evolution represents not just incremental improvement but a fundamental shift in how technology can augment healthcare delivery.

The Accelerating Pace of AI Evolution

The GenAI movement that emerged around 2017 added a new dimension, enabling AI to create content. However, it was the 2022 release of ChatGPT that democratized access to these capabilities, creating a “Wright Brothers moment,” springboarding the industry of AI. Suddenly, everyone from children to healthcare professionals began experimenting with these systems, often finding productivity gains despite the limitations of early versions of the technology.

Just as organizations were adapting to this new reality, reasoning models emerged in late 2024. These systems do not simply generate content, but think through problems step by step, mirroring human cognitive processes. Within months, more efficient, open-source reasoning models followed, making this technology accessible even for regulated industries like healthcare (e.g. Med-R1 8B).

GenAI Reasoning Models in Healthcare

GenAI enables healthcare professionals to work more efficiently, freeing time to engage with patients. Unlike earlier models, recent GenAI reasoning models provide transparency into their decision-making process. These models can now power advanced AI agents using healthcare-specific models like Google AIM, Med-PaLM 2 or Med-R1. This auditability is crucial in healthcare, where understanding why a recommendation was made is often as important as the recommendation itself.

Before implementing AI agents and reasoning, agencies should define clear outcomes and goals. Here are several factors to consider when integrating GenAI into your agency:

  • Data Strategy: The effectiveness of AI models depends significantly on the quality and privacy of your data. Organizations need clear protocols for creating evaluation datasets and managing sensitive patient information that can be kept sovereign.
  • Infrastructure Decisions: Healthcare organizations must decide whether to deploy models in the cloud or on-premises, considering regulatory requirements and data sensitivity. A hybrid approach often provides the flexibility needed to address various use cases.
  • Model Selection: Open-source models now trail proprietary options by only about six months in capabilities while offering cost advantages and greater control. Many organizations are adopting hybrid strategies, using proprietary models for cutting-edge applications and open-source alternatives for routine tasks.
  • Scale Considerations: Small, specialized language models can be more efficient for specific healthcare tasks, while larger models may be necessary for complex reasoning about treatment options or research questions.

Agencies should prepare robust data governance frameworks and flexible infrastructure that spans cloud and on-premise environments to enable healthcare personnel to use GenAI effectively. Overall, GenAI enables healthcare professionals to work more efficiently, enabling them to connect more with patients.

Your Journey to an AI Future Starts Now

The future of healthcare will be augmented by reasoning models, making healthcare more affordable and accessible for all.

Some new, AI-driven areas to watch for include:

  • Data Interaction: LLMs will navigate complex healthcare data ecosystems, from electronic health records to genomic data, answering nuanced clinical questions without requiring complex programming.
  • Planning and Research: By functioning as collaborative partners in research, the models look to help design clinical trials, analyze research literature and develop treatment protocols.
  • Actionable Workflows: Reasoning models will help automate clinical and administrative processes while incorporating human feedback in a continuous improvement cycle.

AI agents will begin to help address the acute staffing shortages plaguing healthcare systems worldwide. These digital assistants can handle routine documentation, answer common patient questions, and provide decision support, allowing clinicians to focus on direct patient care. As AI systems become more affordable and consumption increases, we’re likely to see a revolution in healthcare accessibility, particularly for underserved populations, with AI agents augmenting healthcare workers’ efforts.

The journey toward AI-augmented healthcare is accelerating faster than most experts predicted. For healthcare leaders, the question is no longer whether to embrace these technologies, but how to implement them to improve care while maintaining the human connection that defines healthcare.

The content of this blog was pulled from the Healthcare Information and Management Systems Society (HIMSS) panel, “Accelerating Enterprise GenAI.” To learn more about Nutanix GenAI, visit Nutanix’s AI Solution page.

Preparing Federal Systems for Post-Quantum Security: A Strategic Approach

Federal agencies face an urgent timeline to protect their most sensitive data from quantum computing threats. Quantum computers leverage physics principles like superposition and entanglement to perform calculations faster than classical computers, posing a significant threat to current encryption standards. Adversaries employ “harvest now, decrypt later” tactics, collecting encrypted data to store until there is a quantum computer powerful enough to break the encryption. The National Institute of Standards and Technology (NIST) released standardized Post-Quantum Cryptography (PQC) algorithms designed to withstand quantum attacks, ensuring long-term data security. The U.S. Federal Government has also issued guidance urging Federal agencies to update their IT infrastructure and deploy crypto-agile solutions that utilize today’s classical encryption algorithms and provide the ability to upgrade to PQC algorithms to combat this threat.

With the Cloud Security Alliance projecting cryptographically relevant quantum computers by 2030, agencies must implement these quantum-resistant algorithms before current security measures become obsolete.

The Quantum Threat Landscape

Current public key infrastructure (PKI), which underpins the internet, code signing and authentication, faces an existential threat from quantum computing. This vulnerability extends beyond theoretical concerns to three specific risk areas affecting Federal systems:

  1. Harvest Now, Decrypt Later: Attackers intercept communications and data today, storing them until quantum computers can break the encryption—potentially exposing Government secrets and sensitive information.
  2. Forged Signatures: Quantum capabilities could enable impersonation of trusted entities, allowing attackers to load malicious software to long-life devices or create fraudulent financial transactions that impact both commercial and Federal Government systems.
  3. Man-in-the-Middle Attacks: Advanced quantum computing could facilitate access to secure systems, potentially compromising military command and control (C2) environments, disrupting critical infrastructure and interfering with elections.

The most vulnerable assets are those containing long-lived data, including decades of trade secrets, classified information and lifetime healthcare and personally identifiable information. Short-lived data that exists for hours or months faces considerably less risk from quantum-enabled decryption.

Post-Quantum Cryptography Standards and Timeline

The standardization of quantum-resistant algorithms represents the culmination of an eight-year process spearheaded by NIST. In August 2024, NIST published its final standards for three critical algorithms:

  • ML-KEM (formerly Crystals-Kyber) | FIPS 203 | Key Encapsulation
  • ML-DSA (formerly Crystals-Dilithium) | FIPS 204 | Digital Signature
  • SLH-DSA (formerly HSS/LMS) | FIPS 205 | Stateless Hash-Based Signature

A fourth algorithm, FN-DSA (formerly Falcon), is still pending finalization. Simultaneously, NIST has released Internal Report (IR) 8547, providing comprehensive guidelines for transitioning from quantum-vulnerable cryptographic algorithms to PQC.

The National Security Agency’s (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), released in September 2022 with an FAQ update in April 2024, outlines specific PQC requirements for National Security Systems. These standards have become reference points for Federal agencies beyond classified environments, establishing a staggered implementation timeline:

  • 2025-2030: Software/firmware signing
  • 2025-2033: Browsers, servers and cloud services
  • 2026-2030: Traditional networking equipment
  • 2027: Begin implementation of operating systems

Crypto Agility and Transition Strategy

It is essential for Federal agencies to deploy crypto-agile solutions that provide the ability to quickly modify underlying cryptographic primitives with flexible, upgradable technology. This capability allows organizations to support both current algorithms and future quantum-resistant ones without hardware replacement.

A comprehensive transition strategy includes seven critical steps:

  1. Awareness: Understand the challenges, risks and necessary actions to prepare for quantum threats.
  2. Inventory and Prioritize: Catalog cryptographic technologies and identify high-risk systems—a process the Cybersecurity and Infrastructure Security Agency (CISA) mandated via spreadsheet submission last year.
  3. Automate Discovery: Implement tools that continuously identify and inventory cryptographic assets, recognizing that manual inventories quickly become outdated.
  4. Set Up a PQC Test Environment: Establish testing platforms to evaluate how quantum-resistant algorithms affect performance, as these algorithms generate larger keys that may impact systems differently.
  5. Practice Crypto Agility: Ensure systems can support both classical algorithms and quantum-resistant alternatives, which may require modernizing end-of-life hardware security modules.
  6. Quantum Key Generation: Leverage quantum random number generation to create quantum-capable keys.
  7. Implement Quantum-Resistant Algorithms: Deploy PQC solutions across systems, beginning with high-risk assets while preparing for a multi-year process.

Practical Implementation of PQC

Federal agencies should look beyond algorithms to consider the full scope of implementation requirements. The quantum threat extends to communication protocols including Transport Layer Security (TLS), Internet Protocol Security (IPSec) and Secure Shell (SSH). It also affects certificates like X.509 for identities and code signing, as well as key management protocols.

Hardware security modules (HSMs) and high-speed network encryptors serve as critical components in quantum-resistant infrastructure. These devices must support hybrid approaches that combine classical encryption with PQC to maintain backward compatibility while adding quantum protection.

The National Cybersecurity Center of Excellence (NCCoE) is coordinating a major post-quantum crypto migration project involving more than 40 collaborators, including industry, academia, financial sectors and Government partners. This initiative has already produced testing artifacts and integration frameworks available through NIST Special Publication (SP) 1800-38.

Crypto Discovery and Inventory Management

Automated discovery tools represent a crucial capability for maintaining an accurate and current inventory of cryptographic assets. Unlike the one-time manual inventories many agencies completed in 2022-2023, these tools enable continuous monitoring of cryptographic implementations across the enterprise.

Several vendors offer specialized solutions for cryptographic discovery, including InfoSec Global, Sandbox AQ and IBM. These tools can:

  • Discover and classify cryptographic material across environments
  • Identify which assets are managed or unmanaged
  • Determine vulnerability to quantum attacks
  • Support centralized crypto management and policies

The Cloud Security Alliance has coined the term “Y2Q” (Years to Quantum) as an analogy to the “Y2K bug,” highlighting the need for systematic preparation. However, the quantum threat represents a potentially more significant risk than Y2K, with a projected timeline under which a cryptographically relevant quantum computer capable of breaking current cryptography arrives by April 14, 2030.

Moving Forward with Quantum-Resistant Security

The transition to post-quantum cryptography is not optional for Federal agencies—it is an imperative. While the process requires significant investment in time and resources, the alternative—leaving sensitive Government data vulnerable to decryption—poses an unacceptable risk to national security.

Agencies should begin by evaluating their existing cryptographic inventory, prioritizing systems with long-lived sensitive data and developing implementation roadmaps aligned with NIST and NSA timelines. By taking incremental steps today toward quantum-resistant infrastructure, Federal organizations can ensure their critical information remains secure in the quantum computing era.
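The inventory-and-prioritize step described above can be expressed as a small ranking routine. The following Python code is an added example, not from the original post or any vendor tool: it classifies each inventoried asset as quantum-vulnerable, hybrid or PQC, estimates how many years past the 2030 projection its data or signatures remain at risk, and checks the planned migration against the CNSA 2.0 windows listed earlier. The CSV field names, category labels, sample assets and the exposure formula are assumptions made for this illustration.

```python
"""Rank a cryptographic inventory for PQC migration. All asset data is constructed."""
import csv
import io
from dataclasses import dataclass

CRQC_YEAR = 2030  # projection quoted on this page

# Public-key families breakable by Shor's algorithm vs. the NIST PQC standards.
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA", "DSA", "X25519", "ED25519"}
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA"}

# Last year of each CNSA 2.0 window as listed on this page (category labels are ours).
CNSA_WINDOW_END = {"signing": 2030, "web-cloud": 2033, "network": 2030}

# Constructed inventory. lifetime_years = how long the protected data must stay
# secret, or how long a signed artifact must stay trusted.
SAMPLE_INVENTORY = """\
asset,category,algorithms,lifetime_years,migration_years,managed
payroll-api-tls,web-cloud,ECDH,25,3,yes
firmware-signer,signing,RSA,15,6,yes
site-vpn,network,DH,10,2,no
records-archive-tls,web-cloud,X25519+ML-KEM,50,0,yes
build-cache-tls,web-cloud,ECDH,0,1,no
legacy-hsm-wrap,network,UNKNOWN-VENDOR-ALG,5,2,no
"""


@dataclass
class Finding:
    asset: str
    status: str          # vulnerable | hybrid | pqc | unknown
    exposure_years: int  # years the asset stays at risk after CRQC_YEAR (0 = none)
    misses_window: bool  # planned migration ends after the CNSA 2.0 window
    managed: bool


def classify(algorithms: str) -> str:
    """Classify a '+'-joined algorithm list, e.g. 'X25519+ML-KEM'."""
    parts = {p.strip().upper() for p in algorithms.split("+") if p.strip()}
    if not parts or parts - (QUANTUM_VULNERABLE | QUANTUM_RESISTANT):
        return "unknown"
    if parts <= QUANTUM_RESISTANT:
        return "pqc"
    if parts & QUANTUM_RESISTANT:
        return "hybrid"  # classical combined with PQC
    return "vulnerable"


def assess(row: dict, as_of_year: int) -> Finding:
    status = classify(row["algorithms"])
    at_risk = status in ("vulnerable", "unknown")  # unknown is worst case until reviewed
    migrated = as_of_year + int(row["migration_years"])
    # Material protected by the old algorithm up to `migrated` must hold for
    # lifetime_years more; anything past CRQC_YEAR is harvest-now-decrypt-later
    # (or signature forgery) exposure.
    exposure = max(0, migrated + int(row["lifetime_years"]) - CRQC_YEAR) if at_risk else 0
    window_end = CNSA_WINDOW_END.get(row["category"])
    misses = at_risk and window_end is not None and migrated > window_end
    managed = row["managed"].strip().lower() == "yes"
    return Finding(row["asset"], status, exposure, misses, managed)


def prioritize(inventory_csv: str, as_of_year: int) -> list:
    """Return at-risk assets, longest exposure first; unmanaged assets win ties."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    findings = [assess(r, as_of_year) for r in rows]
    at_risk = [f for f in findings if f.status in ("vulnerable", "unknown")]
    return sorted(at_risk, key=lambda f: (-f.exposure_years, f.managed, f.asset))


if __name__ == "__main__":
    for f in prioritize(SAMPLE_INVENTORY, as_of_year=2025):
        flags = []
        if f.misses_window:
            flags.append("misses CNSA 2.0 window")
        if not f.managed:
            flags.append("unmanaged")
        print(f"{f.asset:20} {f.status:10} exposure={f.exposure_years:>2}y  {', '.join(flags)}")
```

Short-lived data drops to the bottom of the list with zero exposure, while an asset using an unrecognized algorithm is ranked as if vulnerable until someone reviews it.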

To learn more about implementing quantum-resistant security in Federal environments, watch Thales Trusted Cyber Technologies’ (TCT) webinar, “CTO Sessions: Best Practices for Implementing Quantum-Resistant Security.”

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.
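The governance gaps named in this section (no owner, no expiration date, no audit trail, third-party access that outlives the project) can be checked mechanically against an identity export. The following Python audit is an added example, not from the original post or any vendor product; the record fields, finding labels, the 90-day staleness threshold and the sample accounts are assumptions constructed for illustration.

```python
"""Audit non-human and third-party identities for governance gaps (constructed data)."""
from datetime import date

STALE_AFTER_DAYS = 90          # assumption: review threshold, not from the post
AS_OF = date(2025, 6, 30)      # fixed audit date so the sample is reproducible

# Constructed identity export; None means the attribute was never recorded.
SAMPLE_IDENTITIES = [
    {"name": "svc-backup", "kind": "service", "owner": None, "expires": None,
     "project_end": None, "last_used": "2024-01-10", "privileged": True, "enabled": True},
    {"name": "rpa-invoice-bot", "kind": "bot", "owner": "finance-ops", "expires": "2025-12-31",
     "project_end": None, "last_used": "2025-06-28", "privileged": False, "enabled": True},
    {"name": "ext-jdoe", "kind": "third-party", "owner": "pmo", "expires": None,
     "project_end": "2025-03-31", "last_used": "2025-06-01", "privileged": False, "enabled": True},
    {"name": "svc-etl", "kind": "service", "owner": "data-eng", "expires": "2025-01-31",
     "project_end": None, "last_used": None, "privileged": False, "enabled": True},
    {"name": "ext-vendor-x", "kind": "third-party", "owner": "it", "expires": "2025-09-30",
     "project_end": "2025-02-28", "last_used": "2025-02-20", "privileged": False, "enabled": False},
]


def _to_date(value):
    """Parse an ISO date string, passing None through."""
    return date.fromisoformat(value) if value else None


def audit_identity(rec: dict, today: date) -> list:
    """Return the governance findings for one identity record."""
    if not rec["enabled"]:
        return []  # access already removed; nothing to govern
    findings = []
    if not rec.get("owner"):
        findings.append("no-owner")
    expires = _to_date(rec.get("expires"))
    if expires is None:
        findings.append("no-expiry")
    elif expires < today:
        findings.append("expired-still-enabled")
    project_end = _to_date(rec.get("project_end"))
    if rec["kind"] == "third-party" and project_end and project_end < today:
        findings.append("project-ended-access-active")
    last_used = _to_date(rec.get("last_used"))
    if last_used is None:
        findings.append("no-audit-trail")
    elif rec.get("privileged") and (today - last_used).days > STALE_AFTER_DAYS:
        findings.append("stale-privileged")
    return findings


def audit(identities: list, today: date) -> dict:
    """Map each flagged identity to its findings, most findings first."""
    report = {r["name"]: audit_identity(r, today) for r in identities}
    flagged = {name: f for name, f in report.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: (-len(kv[1]), kv[0])))


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_IDENTITIES, AS_OF).items():
        print(f"{name:16} {', '.join(findings)}")
```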

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

  • Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
  • Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

  • Mission partners and contractors get the access they need faster—without creating long-term exposure.
  • Audit preparation becomes easier, with clear logs of who had access to what, when and why.
  • Compliance improves, especially in regulated industries, based on NIST and other frameworks.
  • Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

The Top Zero Trust Events for Government in 2025 

Zero Trust stands out within the cybersecurity market because of its transformative approach to the immensely secure framework of “never trust, always verify.” Zero Trust cybersecurity technology industry experts are driven to safeguard Government networks and offer solutions that align with protecting critical information and reducing risk to national security. Carahsoft supports vendors that help Government organizations understand Zero Trust frameworks, develop a Zero Trust strategy and implement a Zero Trust Architecture (ZTA). Throughout this year, Carahsoft and our partners are participating in several events focused on strengthening Zero Trust throughout the Public Sector. Join us to learn how the industry and Government can collaborate to stay ahead of cybersecurity challenges and build a strong foundation for proactive security. 

Public Sector Network Government Cybersecurity Showcase Series 

Multiple Dates | In-Person Events 

Join PSN’s Government Cybersecurity Showcases, a series of events making multiple stops where attendees can explore how Public Sector leaders can embrace innovation while strengthening cybersecurity. As agencies adopt AI, data analytics and smart technologies, the need for resilient Zero Trust frameworks has never been greater. This event will highlight strategies for securing digital transformation, protecting critical infrastructure and fostering cross-sector collaboration—ensuring that innovation enhances, rather than compromises, security and trust. Don’t miss the teaser for our upcoming cybersecurity series to get a sneak peek at the experts, insights and innovations shaping the future of cyber defense. 

Events to look out for: 

  • Tallahassee, FL – August 27: Agenda 
  • Columbus, OH – September 2025: Agenda Coming Soon! 
  • Austin, TX – November 12: Agenda coming soon! 

Carahsoft has partnered with Public Sector Network to host the 2025 Government Cybersecurity Showcase Series, a multi-city event series focused on the evolving landscape of cybersecurity in the Public Sector. These in-person events will bring together Government decision-makers and industry leaders to explore how innovative technologies—from AI to Zero Trust—are reshaping agency security strategies. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team. 

SANS Government Security Solutions Forum 

July 22 | Virtual Event 

The SANS Institute stands on a mission of empowering cybersecurity professionals and honoring the highest standard in cybersecurity education to make the world a safer place. The Government Security Solutions Forum will delve into the latest trends in network protection, AI and cyber defense, supply chain, workforce development and more to help attendees understand how to combat modern threats effectively. In previous years, participants engaged with technology experts and listened to unique panel discussions with audience Q&As surrounding invaluable security initiatives across the Public Sector in areas such as Zero Trust implementation, achieving CMMC compliance and harnessing AI. Join us at this year’s event for all this and more! 

Stay tuned for the official 2025 agenda. Here are some of the topics you can expect at this year’s event: 

  • AI-Augmented Cyber Defense 
  • Zero Trust Architecture 
  • Cyber Defense Best Practices 
  • Securing Government’s Expanding Attack Surface 
  • Navigating Compliance Challenges 
  • Emerging Cyber Threats and Future Trends 

Carahsoft looks forward to partnering with the SANS Institute for the 5th year in a row to bring this event to life. Carahsoft has over 800 employees focused on cybersecurity and partnerships with over 150 vendors. To learn more about the topics discussed at the forum and what to expect in July, read our highlights from last year’s event. 

930gov Conference 

July 31 | Washington, D.C. | In-Person Event

The 930gov Conference is the annual multi-track conference that brings together Government IT professionals, thought leaders and solution providers for a full day of education and networking. Hosted by the Digital Government Institute, this one-day event covers a range of critical topics including Cybersecurity/Zero Trust, AI, Cloud, Data and Records Management and Enterprise Architecture. With its turnkey format, 930gov offers Government attendees and sponsors alike a streamlined, high-impact experience—making it one of the most accessible and valuable events of the year. 

Sessions to look out for:  

  • Cyber/Zero Trust Track: Intersection of Cyber, AI and Privacy – This track will feature Zero Trust implementation lessons learned, advancements in continuous monitoring and the evolving threat landscape, including the rise of AI-driven phishing. 

Carahsoft is partnering with DGI to support this event. 2025 sponsors included Carahsoft partners such as Microsoft and Armis. Carahsoft and DGI are offering Turn-key Booth sponsorships that feature premium exhibitor booth space, lead retrieval and overall access to the event. If you would like to get involved, please contact your Carahsoft Team. 

Billington Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

A long-standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions and interactive breakouts for attendees to truly immerse in the world of today’s emerging cybersecurity solutions and trends. In its 16th year running, this leading Government cybersecurity summit promises an exceptional lineup of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos.

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:   

  • Zero Trust 
  • Ransomware 
  • Advancing cyber diplomacy 
  • Protecting critical infrastructure 
  • Learning how to use proactive defenses 
  • Engineering AI into cybersecurity platforms 
  • Implementing an effective risk management approach 

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions. Check out the events tab on our website for more details closer to the event!  

Carahsoft Cyber Leaders Exchange 

October 1-2 | Virtual Event 

Presented by Carahsoft in collaboration with Federal News Network, The Cyber Leaders Exchange will dive into how the Government is building cyber resilience, including showcasing tips, tactics and tools to support your organization’s mission-critical cybersecurity efforts. Look forward to sessions about cybersecurity strategy-building, workforce challenges, AI within cybersecurity, Zero Trust and informative speakers from trusted technology vendors as well as Government experts. 

Join Federal News Network for Carahsoft’s 4th Annual Cyber Leaders Exchange, taking place virtually on October 1st and 2nd. This dynamic two-day event will spotlight top voices in Government and industry talking about Cybersecurity. Additional details coming soon. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team. 

ATARC Public Sector Zero Trust Summit 

October 23 | Reston, VA – Carahsoft Conference and Collaboration Center | In-Person Event 

This in-person event will feature expert discussions, networking opportunities and insights into the strategies and technologies driving secure, resilient Government operations. 

Sessions to look out for: 

  • Building and Measuring Success in Public Sector Security – This session explores practical approaches to adopting ZTA aligned with current Executive Orders focusing on challenges such as identity management, secure access and legacy system integration. 
  • Zero Trust Beyond Compliance – This session will explore how to leverage modern tools, enhance data protection and integrate Zero Trust into existing infrastructures without disrupting mission-critical operations. 
  • Zero Trust and the Cloud: Strategies for Federal Hybrid Environments – This session will focus on strategies for implementing Zero Trust in federal operations that span both cloud and on-premises systems. 
  • Enhancing Efficiency: Trends, Innovations and the Future of Zero Trust – Explore emerging trends and innovations shaping the future of cybersecurity, including advancements in automation, AI-enhanced threat detection and quantum-resilient encryption. 

Carahsoft is proud to serve as the event partner and host for the ATARC Public Sector Zero Trust Summit for the 7th year. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team. Attendees will also have the opportunity to earn up to 6 CPE Credits. 

RSA Public Sector Day 2026 

March 23-26 | San Francisco, CA | In-Person Event 

The 13th Annual RSA Public Sector Day at the RSA Conference examines key areas such as developing a strong cybersecurity workforce, understanding the impact of artificial intelligence (AI) on both offensive and defensive cyber operations and improving the exchange of information among Government entities.

Attendees will hear directly from top Government leaders and industry professionals as they discuss their perspectives and strategies for enhancing cybersecurity across all levels of Government and healthcare. Check out our website for more information about our involvement in 2026. 

AFCEA TechNet Cyber  

June 2-4 | Baltimore, MD | In-Person Event 

This flagship event serves as the center of gravity for a whole-of-government effort to bring together the policy, strategic architecture, operations and Command and Control (C2) leaders—along with the joint capabilities—needed to meet the global security challenges and successfully operate in a digital environment. 

Carahsoft and more than 50 partners will attend to showcase a full range of cybersecurity, AI, DevSecOps and cloud solutions.

As Government agencies are implementing Zero Trust strategies to meet sophisticated threats, it is imperative that the tech industry provides the most up-to-date information and solutions surrounding cybersecurity. Join Carahsoft and our partners at this year’s events to be a part of the innovative path forward. 

To learn more or get involved in any of the above events, please contact us at ZeroTrustMarketing@Carahsoft.com. For more information on Carahsoft and our industry-leading OSINT technology partners’ events, visit our Zero Trust solutions portfolio.

Key Insights from Global Cyber Innovation Forum 2025 

The 2025 Global Cyber Innovation Forum served as a premier gathering where cybersecurity’s most pressing challenges meet collaborative solutions.  

Hosted by Forgepoint Capital, Snowflake, Forescout, Google Cloud and Carahsoft at the Embassy of Canada in Washington, D.C., the Forum brought together a curated audience of influential cyber leaders from across the globe, including industry executives, Government officials, policy leaders, venture capitalists and thought leaders from academia and the non-profit sector.

This annual event provided a platform for critical discussions on emerging threats, technological innovation and strategic partnerships essential for securing our digital infrastructure. Five key themes stood out throughout the sessions: 

  • National Security Threats with Supply Chain Vulnerabilities 
  • The Rise and Race to AI Dominance 
  • The Edge of Quantum Transformation 
  • Typhoon of Attacks on Critical Infrastructure 
  • Streamlining Cybersecurity Compliance 

National Security Threats with Supply Chain Vulnerabilities 

The digital supply chain, specifically the software and applications civilians use, has increasingly become a source of critical national security vulnerabilities. Government officials and industry leaders warn that software and digital platforms sourced from foreign adversaries have reshaped the threat landscape by implanting foreign influence in the U.S. technology ecosystem.

Technology serves as a funding mechanism for adversaries and comes with a hidden price of mass data collection, making it easier for threat actors to access sensitive information and transform traditional cyberattacks. The lack of transparency in certain nation-states raises concerns about regulatory consequences, potentially giving adversaries a strategic edge in information warfare and creating a blind spot in the global tech supply chain.

U.S. leaders emphasize the necessity for regulated technology supply chains and accelerated Federal certifications, specifically FedRAMP, to ensure innovation does not come at the cost of national security. 

Rise and Race to AI Dominance 

With the rise of artificial intelligence (AI), data has become the modern form of power. Foreign adversaries are striving to build or gain access to data pipelines to fuel their AI models, bypassing privacy in a way that allows them to train AI models much faster than has been possible in America. The U.S. must counter this by accelerating our own AI model training and innovation, while safeguarding privacy and data integrity.  

Government and industry experts state that AI is being underutilized across U.S. operations. The current administration has streamlined AI usage through Executive Order 14179: Removing Barriers to American Leadership in Artificial Intelligence and Executive Order 14277: Advancing Artificial Intelligence Education for American Youth. Additionally, AI should be deployed when combating advanced cyberattacks and automating routine cybersecurity efforts such as threat detection, incident response and vulnerability identification. 

The Edge of Quantum Transformation 

Emerging technologies such as quantum computing are rapidly approaching mainstream adoption. The massive amount of encrypted data currently stored in secret could be vulnerable to decryption within the next 5 to 10 years. This looming threat has made the development and deployment of post-quantum cryptography a top priority for the U.S. Government. The race to post-quantum cryptography and quantum computers is urgent not only for the U.S. and its allies, but also for adversarial nation-states.

Typhoon of Attacks on Critical Infrastructure 

Advanced persistent threat (APT) groups such as Salt Typhoon, Volt Typhoon and Flax Typhoon have already infiltrated critical infrastructure systems, often using “living off the land” techniques. These public and well documented attacks are considered digital terrorism, disrupting U.S. critical infrastructure operations and stealing intellectual property.  

In response, the U.S. Government is prioritizing cyber hygiene, secure-by-design and the development of an integrated and robust defense system. Agencies, technology providers and critical infrastructure operators are heavily encouraged to collaborate through information sharing, adoption of emerging technologies and routine threat assessments. The severity of these cyberattacks has increased substantially, highlighting the urgency for a more proactive and coordinated national response from the U.S. Government.

Streamlining Cybersecurity Compliance 

The current cybersecurity regulatory landscape presents a fragmented maze of overlapping requirements that hinder both innovation and effective security implementation. Government and industry security teams are overwhelmed by conflicting standards across Federal, State and agency-specific frameworks. Organizations must navigate multiple compliance frameworks (FedRAMP, National Institute of Standards and Technology (NIST) requirements, Cybersecurity Maturity Model Certification (CMMC) and various state requirements), creating redundant processes that drain resources without enhancing security.

To address this, industry leaders are advocating for regulatory harmonization initiatives. Federal agencies are working to align various compliance frameworks while updating modernization strategies to build interoperability. By aligning around core standards like NIST 800-53 and implementing automated compliance tools, agencies can reduce complexity while maintaining robust cybersecurity postures. Forum participants agreed: harmonized regulations are essential to enabling secure innovation without compromising oversight. 

The Global Cyber Innovation Forum demonstrated that securing America’s digital future requires unprecedented coordination between Government agencies, private industry and international allies. As adversaries continue to exploit emerging technologies, the U.S. must respond with unified strategies that streamline regulations, accelerate innovation and sustain global cyber leadership. The insights shared offer a critical roadmap for defending against tomorrow’s threats in a rapidly evolving digital landscape.

Visit Carahsoft’s Resource Hub to dive deeper into the key takeaways, expert perspectives and resources from the 2025 Global Cyber Innovation Forum.