Category Archives: Cybersecurity

Cloud Security: Complex Threats, Clear Solutions

Posted on by
Reply

Cloud technology, for many years, enticed agencies looking for savings and efficiencies. Organizations pursued “cloud-first” policies that migrated data and applications away from onsite infrastructure and into the control, at least in part, of cloud service providers. While the cloud offered promising advantages, some agencies encountered unexpected cost challenges along the way. And lately, malicious actors have gotten exceptionally good at exploiting cloud vulnerabilities.

There isn’t one way to secure your cloud platform, unfortunately. You need a holistic, Zero Trust approach that combines security controls with cyber policies and procedures. Strong encryption and access rules, automated updates, clear visibility and detailed incident response plans are all critical. Knowing who’s responsible for what should go without saying. And repatriating data — bringing it back on premises, for example — is often a commonsense answer. 

“Agencies have to comply with stringent regulations … so that means they need a really robust [security] framework, all while managing the complexities of the cloud environment,” said Garrett Lee, Regional Vice President for Public Sector in Broadcom’s Enterprise Security Group. “Cloud, you know, solves some problems, but it also creates some others.”  

In this video interview, Lee explores both the opportunities that cloud computing offers and how to confront its security challenges. Topics include:  

  • What a holistic approach to cloud security entails
  • The cost and security drivers behind data repatriation, and why they matter
  • How to secure four critical domains: endpoints, data, the cloud and networks

Want to learn more cyber resilience strategies? Download Symantec, Carbon Black and Carahsoft’s guide to explore four critical cyber force multipliers that enhance agencies’ security posture amid growing threats and limited budgets.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on GovLoop.com, and is re-published with permission

Efficient, Continuous Identity Verification with 1Kosmos’s Enterprise Identity Wallet

Posted on by
Reply

In the age of digital technology, digital identity wallets offer users a transportable, secure way of verifying their identity and certifications. Having a reliable, up-to-date method of verifying identity enables enterprises to swiftly and securely manage procedures.

Switching to Digital Wallets 

Digital wallets provide a flexible, streamlined experience for enterprises, employees, third-party contractors and business-to-business transactions. In spaces where transactions are high-risk, having a secure, verifiable identity to cross-reference is vital to security. Digital wallets can verify end users for active attorney license statuses, active medical licenses or to prove cybersecurity certifications, such as Certified Information Systems Security Professional (CISSP). These can follow employees throughout their employment. 

Utilizing digital wallets in decision-making spaces can help verify end users in addition to their every-day authenticators, similar to step-up authentication. Digital wallets verify identities, eliminating the need for social engineering. If credentials are needed to gain privileged user access, digital wallets help enterprises verify that the end user is who they say they are. For example, during emergencies, such as natural disasters, wallets can help verify that volunteers have active licenses in a timely manner. 

1Kosmos’s Enterprise Identity Wallets 

1Kosmos Identity Blog image

1Kosmos enterprise identity wallets deliver centralized, scalable identity management that enable organizations to securely provision and govern employee digital identities, credentials and access privileges across their entire technology ecosystem.

First, 1Kosmos verifies the end user by validating and verifying their provided documentation. Once verified, 1Kosmos creates a digital wallet by collecting, encrypting and storing an end user’s identification information in a private and permissioned ledger, allowing only the end user to access and share their personal data on their own initiative. This information cannot be accessed by 1Kosmos, as it goes through several layers of encryption. 

These wallets are built with World Wide Web Consortium (W3C) standards, providing an interoperable experience and enables users to reuse wallets and access their identification as often as needed.

1Kosmos’s Digital enterprise identity wallets are classified through a decentralized management system. 1Kosmos’s private, distributed ledger breaks up end users’ identification wallets, updating new certifications and licenses in its own personalized block, utilizing blockchain in the back end to provide a layer of security to encrypt information. Permissions are access based, providing a layer of security through segmentation. 1Kosmos’s wallets utilize attribute-based access control (ABAC) security, granting permissions based on matching data tags. With the proper credentials, end users can access files instantly.  

Protection for High-Risk Transactions

1Kosmos’s enterprise identity wallets have an array of features that make them perfect for high-risk transactions. The wallets have a private and permissioned ledger, offering a distributed identity experience over a centralized one. With Presentation Attack Detection (PAD) Level 1 and Level 2 certifications, 1Kosmos offers protection against deep fake attacks. 1Kosmos offers continuous vulnerability management, FedRAMP high authorization, Kantara certification and Federal Information Processing Standards (FIPS)-140-3 encryption. Perfect for enterprise use and a diverse set of end users, 1Kosmos’s wallets can verify identity, ensuring that all processes are efficient and secure.  

Visit 1Kosmos’s page to learn more about their full service, privacy preserving enterprise identity wallets.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including 1Kosmos we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Secrets to Public Sector Sales Success: Insights from Marion Square’s Harvey Morrison

Posted on by
Reply

The Federal Government needs more solutions, not more software. That is the message we at Marion Square get every day from our agency contacts. They do not want lists of product features or emails about why one technology is better than another. They want to know how that technology will meet their very specific needs, how it will fit into their unique IT architecture and, most importantly, how it will help them solve their challenges.

As such, successfully selling to agencies today looks a lot different from what it did a few years ago. It is not about getting 50 meetings with 50 different agencies; that scattershot approach is a waste of time. Instead, it is about ensuring that the right meetings are held and that each one matters.

That is where Marion Square comes in. We help technology vendors align their products with mission impact and operational fit. Our advisory approach blends deep market intelligence with tailored go-to-market strategies that position technology not as a product, but as an answer to an agency’s most pressing needs.

Based on our conversations with agency contacts, here are the key trends shaping Federal buying behavior, and how we recommend vendors respond.

The Three Pricing Archetypes Driving Public Sector Purchasing

The Government is still under immense pressure to bring costs down and increase efficiencies. Over the past few months, we have heard from many clients whose customers have called for price reductions. We advise them on three ways to respond:

Vendors must choose their approach carefully. A bold discount can open doors but risks setting unsustainable expectations. Value bundling requires clear articulation of how those added features meet specific mission needs. And while price cuts may help win deals in the short term, they should be anchored in a broader licensing or adoption strategy to avoid devaluation.

Partnering With Services Companies Is a Winning Strategy

Agencies need help navigating integration, implementation, training and sustainment. That is why partnering with services companies is essential. These firms bring institutional knowledge, procurement relationships and hands-on delivery capacity that agencies trust. When a vendor brings a product plus a credible partner to help stand it up, it reduces perceived risk and increases purchase confidence.

At Marion Square, we help clients align with the right service partners early in their go-to-market process. Doing so allows them to frame their offerings not as standalone tools, but as parts of larger, operationally relevant solutions.

Indeed, we have seen a lot of success when vendors position themselves alongside integrators or mission-focused contractors who already have traction within an agency. The collaboration strengthens the overall value proposition and gives agencies greater confidence that the solution can be deployed effectively and deliver measurable outcomes.

Agencies Look to Vendors For Education, Not Just Products

Many Federal stakeholders are overwhelmed by emerging technologies and new mandates. They value a partner who can help them unpack directives like the Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 23-02, for instance, or understand how artificial intelligence (AI) tools can improve workflows, cybersecurity initiatives and so forth. Vendors who show up with insight, rather than just information, become trusted advisors and separate themselves from the pack.

We also see a significant knowledge gap around the innovation programs already available to agencies. Beyond well-known pathways like Small Business Innovation Research Programs (SBIRs), many Government stakeholders are unaware of other funding mechanisms and pilot opportunities that could support emerging technologies. So, we work with clients to help them think of new ways to present their technology and receive funding for their solutions.

For example, we worked with a client focused on AI data processing who was using a traditional hardware approach. We identified an opportunity to reposition their architecture to align with a lesser-known innovation program, helped craft a targeted proposal and they secured funding. It is proof that vendors can add value by not only educating agencies on their capabilities but also guiding them toward untapped opportunities to fund and implement them.

Join Us This Fall

In October, we will be co-hosting a strategy session with our partner Carahsoft to discuss these and other issues. We will discuss current market trends and provide attendees with insights into crafting winning sales strategies that drive traction. We will cover what it takes to get agency attention, how to build messaging that resonates and how to position each solution as the one that helps Government teams deliver on their mission.

We hope you will join us!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Marion Square we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Strengthening the OneGov Mission with a New GSA Offer for Broadcom Security Solutions 

Posted on by
Reply

The U.S. General Services Administration (GSA) is redefining Federal procurement through its OneGov Strategy, an initiative aimed at streamlining how Government agencies purchase and implement technology. This unified approach is designed to reduce costs, enhance cybersecurity, improve operational efficiency, and move away from the historically siloed procurement process. 

To help realize this vision, Broadcom is offering its robust security solutions to civilian and unclassified Department of Defense (DOD) agencies through a limited-time promotion—ensuring agencies can access trusted, commercial-grade tools with greater ease and affordability. 

Breaking Down Security Silos with Unified Protection 

The GSA’s OneGov strategy emphasizes the need for agencies to operate as a unified enterprise rather than isolated entities. Broadcom’s security portfolio directly supports this vision by providing integrated solutions that work cohesively across agency boundaries. The combination of Symantec Data Loss Prevention (DLP), Carbon Black Endpoint Detection and Response (EDR) and Carbon Black App Control creates a comprehensive security framework that addresses multiple threat vectors from a single console. 

This unified approach eliminates the complexity of managing disparate security tools while providing the visibility and control necessary for cross-agency collaboration. By streamlining policy management, reporting and incident response through integrated platforms, agencies can reduce administrative overhead and focus resources on mission-critical activities. 

Advancing Zero Trust Architecture Through Proven Technologies 

Executive Order on Improving the Nations Cybersecurity requires DoD agencies to establish plans to drive adoption of Zero Trust architecture, while also mandating enhanced software supply chain security and deployment of multifactor authentication and encryption. Zero Trust implementation requires foundational security capabilities that provide continuous verification and monitoring across all network control points. Broadcom’s security solutions deliver these essential components through proven technologies that have been battle-tested in the most demanding environments. 

Symantec DLP provides the highest level of data protection with real-time visibility and control over sensitive information. The platform automatically prevents data leaks through intelligent messaging blocking and modification capabilities, ensuring that critical Government assets remain secure whether in transit, at rest or in use. This automated approach reduces the burden on security teams while maintaining strict compliance with Federal data protection requirements. 

Carbon Black EDR continuously records endpoint activity, enabling proactive threat hunting and reactive incident response capabilities. This comprehensive visibility allows security teams to detect and respond to advanced threats even in air-gapped environments, providing persistent monitoring essential for Zero Trust architecture. 

Implementing Positive Security Models for Enhanced Protection 

Traditional security approaches rely on maintaining lists of known threats, which can quickly become outdated as attack vectors evolve. Carbon Black App Control takes a fundamentally different approach by implementing a positive security model that only allows trusted and approved software to execute on Government systems. 

This proactive security stance effectively prevents malicious attacks from establishing a foothold, thereby reducing the attack surface and providing agencies with greater confidence in their endpoint security posture.  

Flexible Deployment Options for Diverse Government Environments 

Government agencies operate across a spectrum of technical environments, from cloud-native deployments to air-gapped networks with limited connectivity. Broadcom’s security solutions are designed to function effectively across this entire range, providing consistent protection regardless of deployment constraints. 

Whether agencies require on-premises installation for sensitive workloads, cloud deployment for scalability or air-gapped operation for classified environments, these solutions maintain their full functionality and security effectiveness. This flexibility ensures that agencies with varying technical resources and requirements can implement comprehensive security measures without compromising their operational needs. 

Maximizing Value Through Strategic Procurement 

The current promotional offering saves 75% off GSA ceiling prices for net new license purchases, representing significant cost savings for DoD agencies looking to enhance their security capabilities. This promotion runs from August 1 through September 30, 2025, and is available through Carahsoft’s GSA Schedule with no minimum quantity requirements. 

The pricing structure is designed to be Government Purchase Card friendly, reducing procurement friction and enabling teams to quickly acquire the security tools they need. For existing customers, the promotion applies to net new licenses, allowing agencies to expand their security coverage while taking advantage of substantial savings. 

Carahsoft and our partners are here to support your agency in leveraging this simplified procurement pathway. Our team is available to deliver tailored quotes, arrange customized demonstrations and help you maximize the value of Broadcom’s solutions in advancing your modernization objectives. 

Ready to transform how your agency secures data and advances Zero Trust goals? Contact our Broadcom team at BroadcomFED@carahsoft.com or call us at 571-662-3260 to learn more and take advantage of this limited-time offer. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Streamlining Federal Identity Management: How Okta Workflows Accelerate Cost Savings for Government 

Posted on by
Reply

The U.S. General Services Administration’s (GSA) OneGov strategy signals a major shift toward unified, efficient Government operations, breaking down technology silos and enabling agencies to work as a coordinated entity. At the core of this change is the need for modern identity management solutions that can automate complex processes while upholding top security standards. Automation can save agencies time, budget and drive outcomes for tool consolidation efforts. Okta Workflows provides Federal agencies with a no-code automation platform that simplifies identity operations and promotes collaboration across agencies. 

Breaking Down Identity Silos Through No-Code Automation 

Traditional identity management in Government often involves fragmented, manual processes that create operational bottlenecks and security vulnerabilities. Okta Workflows directly addresses these challenges by providing a unified automation engine that connects disparate systems without requiring custom coding. The platform’s pre-built connectors, reusable templates and Application Programming Interface (API) integrations enable agencies to orchestrate identity lifecycle events across multiple applications and cloud environments seamlessly. 

This approach eliminates the need for point solutions and manual workarounds that have historically contributed to siloed operations. By centralizing identity automation, agencies can ensure consistent policy execution across business units while maintaining complete audit trails for compliance reporting. 

Enhancing Cross-Agency Collaboration and Security 

Okta Workflows excels in supporting the OneGov vision of cross-agency collaboration through its robust security framework and automation capabilities. With FedRAMP High authorization and Federal Information Processing Standard (FIPS) 140-2 validated cryptography, the platform meets the Government’s most stringent security requirements while enabling streamlined operations. 

The solution automates essential identity processes, including: 

  • Joiner/mover/leaver workflows using Human Resources (HR) data and custom triggers 
  • Complex account creation with automated app assignments based on user attributes such as organizational unit and clearance level 
  • Real-time provisioning and deprovisioning across Software-as-a-Service (SaaS) applications, including Azure AD, Office 365 and Salesforce 

These automated workflows greatly reduce the workload on IT staff by decreasing password-reset tickets and access requests, while ensuring consistent policy enforcement across all systems. 

Accelerating Productivity While Maintaining Security Standards 

Government agencies face mounting pressure to deliver services more efficiently while maintaining strict security protocols. Okta Workflows addresses this challenge by dramatically reducing the time and effort required for routine identity management tasks. The platform’s automation capabilities free IT personnel from repetitive administrative work, allowing them to focus on mission-critical initiatives. 

The solution’s alignment with Zero Trust principles further enhances security posture by enforcing least privilege access, enabling continuous authentication and providing automated deprovisioning capabilities. This ensures that access rights are consistently managed throughout the user lifecycle, reducing security risks associated with delayed access revocations when personnel change roles or leave the organization. 

Simplified Procurement and Deployment 

Recognizing that Federal agencies often operate with limited technical resources, Okta Workflows is designed for rapid deployment and easy adoption. The no-code interface enables teams to build and implement identity automation processes without specialized programming skills. Pre-built templates and connectors accelerate time to value while minimizing the technical burden on agency staff. 

The solution is readily accessible through the General Services Administration (GSA) Schedule, providing Federal buyers with a compliant procurement path featuring pre-negotiated pricing and terms. This streamlined approach eliminates lengthy contract negotiations and enables agencies to acquire the tools needed to support their modernization objectives quickly. Carahsoft and Okta have collaborated to ensure the solution is available across major contracting vehicles with pricing structured to deliver optimal value, including: 

  • GSA 
  • Solutions for Enterprise-Wide Procurement (SEWP)  
  • Information Technology Enterprise Solutions (ITES)  
  • 2nd Generation Information Technology (2GIT) 

Supporting the Modern Federal Workforce 

As Government agencies continue their digital transformation journey, the need for sophisticated yet accessible automation tools has become increasingly critical. Okta Workflows provides the foundation for agencies to modernize their identity operations while supporting the broader OneGov vision of unified, efficient Government services. 

The platform’s combination of enterprise-grade security, intuitive automation capabilities and seamless integration with existing Government systems positions it as an ideal solution for agencies seeking to enhance productivity while maintaining strict compliance requirements.  

Ready to transform your agency’s identity management and join the OneGov movement? Contact our Okta team at Carahsoft today or call us at (833) 674-3990 to learn more and take advantage of this limited-time offer. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Okta we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Maximize Federal Data Protection with Commvault’s End-of-Fiscal-Year Bundle 

Posted on by
Reply

As Federal agencies approach the final stretch of fiscal year 2025, the challenge of securing comprehensive data security coverage while maximizing remaining budget dollars has become increasingly critical. Commvault has partnered with Carahsoft to deliver a strategic end-of-fiscal-year opportunity that combines substantial cost savings with the highest level of Federal security authorization available in the data protection market. 

Consolidating Data Protection Under a Single Platform 

Federal agencies often work with a range of vendors to meet their diverse data protection needs, which can introduce added complexity, training considerations and operational demands. Commvault’s Data Protection Bundle addresses this challenge by unifying data protection, Active Directory protection and air-gapped data security capabilities under one comprehensive platform. 

This consolidation approach delivers measurable operational benefits that extend beyond cost reduction. Agencies can significantly minimize the time required for deployment and training, reduce management costs and improve their response capabilities during critical events such as ransomware attacks or data loss incidents. When every minute counts in a recovery scenario, having a unified platform can mean the difference between rapid restoration and extended downtime. 

Setting the Security Standard with FedRAMP High Authorization 

Federal agencies operate under stringent security requirements that often limit their technology choices, particularly when handling sensitive or classified information. Commvault distinguishes itself as the only data protection provider to achieve FedRAMP High authorization while maintaining availability across all major cloud platforms. 

This security credential represents the highest level of authorization available for cloud services serving Government customers, demonstrating Commvault’s ability to meet the most demanding Federal security standards. For agencies required to maintain strict compliance protocols, this authorization eliminates the complexity of lengthy security evaluations while ensuring their data protection solution meets or exceeds all regulatory requirements. 

Simplifying Deployment Across Diverse Government Environments 

Government agencies face unique infrastructure challenges, from legacy on-premises systems to modern cloud deployments, often with varying levels of technical resources and expertise. Commvault’s unified platform architecture addresses these challenges by maintaining consistency across all deployment scenarios—whether on-premises, cloud, virtual or physical environments. 

Since the underlying code remains consistent across all implementations, agencies experience significantly reduced deployment times compared to managing multiple vendor solutions. This consistency also translates to streamlined training processes and lower administrative overhead, particularly valuable for agencies with limited technical staff or those supporting geographically distributed operations. 

Leveraging Strategic Procurement Advantages 

The Data Protection Bundle is readily available through General Services Administration (GSA) Schedule contracting, providing Federal buyers with the streamlined procurement process they understand and trust. This availability is enhanced by Carahsoft’s partnership with Commvault to offer additional savings of up to 60% off manufacturer’s suggested retail price (MSRP)—savings that stack on top of existing GSA Schedule discounts that agencies have historically leveraged. 

While the focus remains on end-of-fiscal-year procurement opportunities, Commvault has committed to honoring this pricing structure through the end of the calendar year, providing agencies with flexibility in their planning and implementation timelines. 

Supporting Widespread Federal Adoption 

Commvault’s platform is already deployed across numerous Federal agencies, spanning both Department of Defense (DoD) and civilian organizations. Many of these agencies utilize Commvault to protect shared environments through a single unified platform, demonstrating the solution’s ability to scale across diverse Government requirements while maintaining the security boundaries and operational control that Federal organizations require. 

This existing Federal footprint provides new adopters with confidence in the platform’s proven ability to meet government-specific mandates while offering opportunities for knowledge sharing and best practice development across agency lines. 

Federal agencies looking to strengthen their data protection capabilities while maximizing end-of-fiscal-year budget efficiency should evaluate how Commvault’s comprehensive bundle addresses their mission-critical requirements. With proven FedRAMP High authorization, substantial cost savings and streamlined GSA procurement, this solution offers a strategic pathway to enhanced data security and operational efficiency. 

Visit Commvault’s FedRAMP page to discover how this end-of-fiscal-year opportunity can strengthen your agency’s data protection strategy and deliver significant cost savings. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Commvault we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Palo Alto Networks Cortex Cloud™ — Unified Efficiency, Now with Dual FedRAMP Authority

Posted on by
Reply

In a testament to its commitment to secured and streamlined cloud security, Palo Alto Networks Cortex Cloud™ has already achieved FedRAMP High and Moderate authorizations since launching in February 2025. This significant milestone positions Cortex Cloud as the only CNAPP in the FedRAMP Marketplace holding both High and Moderate designations, underscoring its unique ability to cater to the diverse security needs of the U.S. Government.

The Federal Risk and Authorization Management Program (FedRAMP) is the Government’s rigorous standard for assessing, authorizing and continuously monitoring cloud services. By achieving both High and Moderate authorizations, Cortex Cloud demonstrates its adherence to stringent security controls, paving the way for Federal agencies to confidently adopt its innovative platform.

Unlocking Efficiency Through a Unified Security Platform

At a time when Government agencies are prioritizing modernization and efficiency, Cortex Cloud offers a powerful, unified solution. As the next generation of Prisma® Cloud, it transcends traditional, siloed security tools by integrating best-in-class cloud detection and response (CDR) with industry-leading, cloud-native application protection platform (CNAPP) capabilities.

This platform-centric approach delivers measurable benefits:

  • Streamlined Procurement – By choosing Cortex Cloud with FedRAMP High authorization to secure your environment, agencies can bypass the complexities and delays of redundant security assessments.
  • Reduced Complexity and Risk – By integrating security across the entire cloud lifecycle (from code to cloud to SOC) Cortex Cloud eliminates the operational overhead and potential vulnerabilities associated with managing disparate security tools.
  • Enhanced Operational Efficiency – The unified platform provides comprehensive visibility and context, enabling security teams to prioritize risks effectively, automate responses and reduce the mean time to respond (MTTR) to threats.
  • Intelligent Risk Reduction – Cortex Cloud’s cloud posture security capabilities offer agentless visibility and intelligently group-related issues, empowering security teams to focus on the most critical risks with minimal effort.
  • Proactive Threat Prevention – Stop attacks in real time with cloud detection and response (CDR), maintaining the integrity and availability of Government systems, as breaches are prevented before impacting mission-critical operations.
  • Securing the Application Lifecycle – Cortex Cloud’s application security features enable agencies to identify and remediate vulnerabilities in the software supply chain, preventing risks from ever reaching production.

Meeting Diverse Government Needs with a Single, Powerful Platform

The dual FedRAMP High and Moderate authorizations empower Cortex Cloud to address a wide spectrum of Government requirements:

  • FedRAMP High – For the most sensitive, unclassified data where compromise could severely impact national security, economic stability or public safety. Cortex Cloud meets over 400 rigorous security controls for mission-critical applications.
  • FedRAMP Moderate – For Federal information where loss of confidentiality, integrity or availability would have serious adverse effects. Cortex Cloud adheres to over 300 security controls, suitable for a broad range of data, including PII.

Furthermore, Cortex Cloud’s GovRAMP High and Moderate certifications highlight its commitment to serving State and Local Governments with equally robust and efficient cloud security solutions.

Driving Productivity and Cost Savings

The U.S. Government’s focus on maximizing efficiency and productivity aligns perfectly with the benefits offered by Cortex Cloud’s unified platform.

By consolidating security functions and providing intelligent insights, Cortex Cloud helps agencies:

  • Optimize Resources – Security teams can operate more efficiently, focusing on strategic initiatives rather than managing a complex web of point solutions.
  • Improve Security Outcomes – Comprehensive visibility and integrated threat intelligence lead to a stronger security posture and reduced risk of costly breaches.
  • Accelerate Cloud Adoption – Agencies can confidently embrace the scalability and flexibility of the cloud while maintaining the highest security standards.

Cortex Cloud’s FedRAMP High and Moderate authorizations are more than just certifications; they represent a commitment to providing Government agencies with an efficient, unified and highly secure cloud security platform. By streamlining operations, reducing complexity and delivering comprehensive protection, Cortex Cloud empowers the U.S. Government to achieve its modernization goals while safeguarding its most critical assets.

Secured in America. Built for Government.

Headquartered in California, Palo Alto Networks proudly celebrates two decades of cybersecurity innovation and leadership. Across the United States, we employ more than 8,800 people in 49 states with physical offices in California, New York, Texas and Virginia. Championing American production excellence, we assemble all of our hardware firewalls in the United States, with our primary assembly and fulfillment center located in Texas. With over $1.8 billion in annual R&D, Palo Alto Networks is driving continuous innovation to maintain American technological leadership and excellence.

Learn more about our commitment to serve Federal organizations as the Government’s cybersecurity partner of choice.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How AI-Powered Compliance Solutions Are Transforming Regulatory Management for Government Agencies

Posted on by
Reply

Government agencies manage between 12,000 and 40,000 regulatory obligations, with approximately 200 to 250 new regulatory alerts issued globally every day across the financial services sector alone. This escalating complexity is driving agencies to rethink their approach to compliance management, moving away from manual, reactive processes toward intelligent, proactive solutions.

The Overwhelming Scale of Modern Regulatory Compliance

Traditional compliance methods cannot keep up with today’s regulatory demands. In the U.S., the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) account for over 5,000 of those obligations. In the future, 74% of organizations anticipate even more regulatory activity, highlighting the rise and complexity of compliance requirements.

The challenge extends beyond just volume to the speed at which regulations evolve and their divergence across jurisdictions. Traditional methods—spreadsheets, siloed systems and manual tracking—leave agencies vulnerable to gaps and inconsistencies that can result in significant penalties and reputational damage.

For Government agencies, the stakes are even higher. They must demonstrate complete adherence to regulatory standards while maintaining public trust through transparency and accountability. This creates additional pressure on compliance teams to meet regulatory requirements in a way that can withstand public scrutiny and audits.

The Hidden Costs of Manual Compliance Operations

Manual compliance processes are costly and inefficient. A 10-person compliance team loses approximately $500,000 annually to manual tasks like monitoring, tagging, mapping and documentation—excluding the costs of fines and remediation. That time could instead be spent on strategic analysis and risk prevention.

A high employee turnover rate of 23% further inflates costs, as onboarding new analysts takes months. By the time they are fully trained, they are often ready to move on from routine tasks, creating a cycle of constant training, development and replacement.

Manual processes also introduce risks such as compliance gaps, failed audits and regulatory penalties. Organizations using manual processes experience 3.2 times more violations than those with automation. These inefficiencies contribute to the expectation that compliance costs will rise 6-9% annually through 2030, making automation a financial necessity.

AI as a Force Multiplier for Compliance Teams

Archer, AI-Powered Compliance Solutions Are Transforming Regulatory Management, blog, embedded image, 2025

Artificial intelligence (AI) serves as a force multiplier that can put the expertise of a 15- or 20-year analyst into the hands of an amateur. By delivering institutional knowledge and step-by-step guidance through complex processes, AI significantly reduces onboarding time for new team members.

Its impact is both immediate and measurable. AI-powered horizon scanning reduces the time analysts spend reviewing regulatory updates from hours to minutes, filtering out up to 95% of irrelevant alerts so teams can focus on the 5% that truly matter. Natural language further enhances efficiency by breaking down complex regulatory text into digestible summaries, helping teams quickly understand and act on new requirements.

Most notably, AI automates obligation extraction from dense regulatory text—a process that manually takes 5.3 hours per obligation and has a 14.6% error rate. AI identifies obligation statements, provides rationale and tags content for routing to the appropriate business units. In doing so, AI not only streamlines workflows but also ensures greater quality and accuracy over time through expert-in-the-loop validation.

End-to-End Lifecycle Management for Regulatory Changes

Modern compliance requires a holistic approach, from identifying regulatory updates to operational implementation and audit readiness. The true value comes from operationalizing these insights into frameworks, policies, controls and measurable testing programs. Yet only 38% of organizations successfully map regulatory changes through to updated controls and audit trails.

Lifecycle management starts with comprehensive horizon scanning and extends through policy governance, control alignment and continuous monitoring. When updates—such as tighter insider trading language—triggers changes, AI flags policy conflicts, creates change requests and ties them directly to relevant citations. This creates a clear audit trail, ensuring that modifications are documented, defensible and properly embedded back into the compliance framework.

AI also strengthens control management by flagging gaps between obligations and controls, identifying conflicts with evolving regulations and static policies—such as a privacy policy’s opt-in age that conflicts with new jurisdictional requirements—and recommending changes before violations occur. This creates a responsive system where regulatory changes automatically drive updates across policies, controls and audits.

Proactive Risk Management Through Intelligent Automation

Shifting from reactive to proactive compliance enables smarter risk management. Intelligent automation identifies potential issues before they become violations and informs decisions about expanding products and services or entering new markets. Instead of months-long manual assessments, agencies can use AI to instantly identify control gaps and readiness. This can speed up service expansion or help agencies determine not to proceed.

Automated insights also enhance leadership decision-making. By combining real-time monitoring with impact analysis, agencies can prepare for regulatory changes instead of responding after implementation deadlines. These capabilities yield real results: organizations leveraging AI-driven compliance systems report a 79% reduction in audit cycle times—from 42 days to nine—and 90% fewer evidence requests from business units.

The future of Government compliance lies in embracing intelligent automation that enhances human expertise rather than replacing it. By implementing AI-powered solutions that can manage the velocity and complexity of modern regulatory requirements, agencies can transform their compliance programs from reactive cost centers into proactive strategic assets.

To learn more about how AI-powered compliance solutions can transform your agency’s regulatory management approach, watch the full webinar “Archer Evolv Compliance” and view the solution brief for a deeper dive into the platform’s capabilities.

* All statistics referenced in this blog are sourced directly from the webinar on which this content is based.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Archer, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk

Posted on by
Reply

Federal agencies are moving fast to unlock the potential of AI—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk.  Security, trust, and transparency can’t be afterthoughts. They need to be part of the build process from day one.  That’s where Snyk for Government comes in—now FedRAMP authorized, we’ve taken it even further with the launch of the Snyk AI Trust Platform May 2025. 

AI isn’t magic. It’s built on code, containers, infrastructure templates, and APIs—and increasingly, it’s generating code on its own, generating 40% more vulnerabilities than human developers. Agencies need to track, fix, and manage continuously.  With Snyk, you can shift left and Secure-by-Design:

  • Spot and fix risks early—automatically and at scale
  • Keep developers moving fast while staying compliant
  • Build AI systems that are secure from the ground up

Meet the Snyk AI Trust Platform

Launched in May 2025, the Snyk AI Trust Platform is the first of its kind: an AI-native, agentic security platform designed for how modern teams build today. It gives agencies the tools to move quickly without compromising trust.

This isn’t just DevSecOps—it’s security built for the era of AI-driven, autonomous software development.

How Snyk is supporting new federal AI mandates

Trusted, Transparent AI Development

As agencies embrace AI, expectations around objectivity and transparency are front and center. Snyk helps teams meet those expectations with tools that focus on real technical risks—not subjective filters.

  • Credible vulnerability intelligence: Sourced from standards-based orgs like CVE, CWE, and NIST
  • Customizable policy enforcement: Agencies stay in full control with Snyk Guard’s real-time, no-bias policy engine
  • Integrated into your pipeline: From GitHub to Terraform to container registries—Snyk fits your workflow, not the other way around

 Scaling Secure AI Infrastructure

New funding and fast-tracked initiatives mean federal developers need security tools that keep up.

  • FedRAMP authorized: Snyk is cleared for use across federal cloud environments
  • Automation where it counts: Agentic tools like Snyk Assist and Snyk Agent surface issues and fix them before they ship

 Building Export-Ready, Trusted AI Systems

As global collaboration increases, secure supply chains are more important than ever. Snyk helps you ship software that’s secure, auditable, and globally trusted.

  • Standards-aligned: Support for SBOMs, AIBOMS, international compliance, and NIST-aligned policies
  • Agentic AI security: Governance that scales to GenAI assistants and LLMs—wherever and however they run
  • Broad ecosystem support: Integrates with the open tools your dev teams already use

Whether you’re modernizing legacy systems, launching new GenAI services, or strengthening cross-agency pipelines, Snyk helps federal teams move fast, stay secure, and build trust into every line of code.

? Ready for a tailored AI readiness assessment?
 Let’s talk: federal@snyk.io

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Snyk, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

F5 AI Assistant Expands with iRules Code Generation for BIG-IP Programmability

Posted on by
Reply

Over the last several months, F5 has rolled out purpose-built AI assistants for F5 Distributed Cloud Services and F5 NGINX One. In February at AppWorld 2025 in Las Vegas, we also offered a preview of F5-powered AI assistant functionality specifically designed for F5 BIG-IP customers, centered on iRules code generation. Today, we’re thrilled to share two exciting milestones: we’re bringing together our AI assistants across the F5 Application Delivery and Security Platform, and availability of iRules code generation.

Managing application delivery and security often feels like solving a puzzle with missing pieces. From writing configurations to searching for answers in scattered documentation, these tasks consume time and energy while leaving teams vulnerable to errors and delays. Repetitive processes like debugging and policy tuning sap creativity, and even the most skilled teams inevitably encounter gaps in expertise that slow progress. These challenges are common, but they don’t have to define your workflows. With purpose-built AI-powered intelligence, teams can simplify these complexities with insights and automation designed to supercharge application delivery and security deployments.

Unification across the platform

To deliver exceptional customer experiences across the F5 Application Delivery and Security Platform, we are bringing our AI assistants into a single F5 AI Assistant. With a consistent user experience, SecOps and NetOps teams can better understand their security posture and exploit the wealth of information at their disposal across the entire platform, reducing the operational complexities of their hybrid multicloud environments.

F5 AI Assistant leverages the F5 AI Data Fabric to deliver intelligence powered by proprietary, purpose-built AI models. Unlike general AI tools, the AI Assistant provides domain-specific expertise, offering precise guidance and actionable insights. From generating iRules to optimizing configurations and improving security postures, it drives enterprise-grade accuracy and contextual relevance while reducing complexity. As part of the F5 Application Delivery and Security Platform, the AI Assistant empowers faster decision-making and measurable outcomes for teams managing modern application and security challenges.

F5 AI Assistant provides a single natural language interface across all three product families of BIG-IP, NGINX One, and Distributed Cloud Services within the F5 Application Delivery and Security Platform.

iRules code generation is now available

F5 iRules are the backbone of customization within the BIG-IP ecosystem, empowering teams to tailor their application delivery and security environments to meet unique needs with unmatched precision and flexibility. Over 85% of BIG-IP customers rely on iRules, which power 70% of all BIG-IP instances globally. These dynamic scripts enable deep interaction with traffic, modifying behavior, optimizing routing, and solving challenges beyond standard configurations. However, iRules can be complex, time-intensive, and, in many cases, persist long after their authors have moved on from the company for which they were written. This level of control requires a tool that can match their importance, a tool designed to enhance their creation, use, and management for today’s scaling enterprises.

We’re excited to announce the availability of iRules code generation within the AI Assistant for our BIG-IP customers. This groundbreaking functionality leverages advanced automation with natural language processing, reshaping how teams build and manage iRules. With models trained using F5’s own expertise, including from our engineering and professional services teams, the AI Assistant simplifies the most complex aspects of iRules management by improving accuracy, reducing effort, and enabling faster security and application decisions. From streamlining workflows to eliminating manual processes, it empowers teams to achieve goals with efficiency, scalability, and innovation.

Explore F5 AI Assistant in action supporting the explanation, generation, and optimization of F5 iRules.

Functionality is categorized into three areas—explain, generate, and optimize:

  • Explain: Gain a deeper understanding of iRules with clear, natural language explanations that break down components, logic, and functionality. This capability bridges knowledge gaps, making iRules accessible to users of all expertise levels while providing actionable insights for better decision-making.
  • Generate: Instantly create secure, validated iRules by describing your needs in natural language. The AI Assistant translates your input into tailored scripts, saving valuable time, reducing errors, and accelerating deployments.
  • Optimize: Debug, troubleshoot, and fine-tune iRules with precision and efficiency. The AI Assistant streamlines complex processes, eliminates manual guesswork, and ensures enhanced performance, reliability, and scalability for your BIG-IP environments.
F5 AI Assistant explains, generates, and optimizes iRules, eliminating the manual guesswork.

The introduction of iRules code generation reinforces AI Assistant as your trusted partner for simplifying, innovating, and scaling BIG-IP environments. By eliminating guesswork, it ensures that teams can address vulnerabilities, maintain consistency, and manage traffic configurations swiftly and effectively.

Begin using F5 AI Assistant

To explore F5 AI Assistant for your organization, refer to our press release and the solution overview detailing iRules code generation and the strategic time-saving value the AI Assistant provides.

Also, be sure to catch all the latest F5 AI news on our Accelerate AI webpage.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including F5 we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on F5.com, and is re-published with permission.