TechNet Cyber 2025: Top 5 Insights on Zero Trust, Interoperability and More

Posted on by Mike McCalip

Technology is a vital part of the United States Department of Defense (DoD)’s capabilities, making security and enhancements essential to the nation’s stability and growth. AFCEA International’s flagship event, TechNet Cyber, emphasizes the role of cybersecurity and IT within the DoD. Alongside its partners, such as such as Amazon Web Services (AWS), Everfox and Ciena, Carahsoft attended TechNet Cyber to support DoD mission objectives. Carahsoft maintains a unique position in the defense industry with the ability to connect DoD and intelligence community (IC) personnel, Government IT decision-makers, thought leaders and industry and vendor partners. At this year’s conference, leaders and operators in the IT and Defense Department joined to network, facilitate problem solving and explore ways to expedite and secure the procurement process.

1. Expanding Zero Trust: “Flank Speed” is Ready to Scale

To safeguard against potential cybersecurity attacks, the DoD is working to secure its networks with Zero Trust, a security strategy focused on identity, credential and access management. In the session “DoD Zero Trust Success Stories,” David Voelker, Zero Trust Architecture Lead for the Department of the Navy, discussed recent initiatives to bolster Zero Trust within Flank Speed, the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage. The Navy plans to implement autonomous penetration testing to identify which of its 152 Zero Trust capabilities are applicable to baseline, as well as bolstering the many programs within the Navy, with the goal of purchasing and deploying these capabilities by the end of the 2027 fiscal year.

Another speaker, Ian Leatherman, the Zero Trust Strategy Lead for Microsoft U.S. Federal, discussed key takeaways from Microsoft’s work with Flank Speed. Visibility into agency networks is critical to emboldening existing Zero Trust strategies. Mr. Leatherman stated, “When in doubt, collect the telemetry: you never know what new or novel adversary techniques you may find.” Knowing exactly how many endpoints, applications and users are on the network at any given time positions the DoD to swiftly deal with incoming threats.

Leatherman also discussed recent initiatives to involve all Navy personnel in a cybersecurity strategy; security is more than a technology solution, but a way to ensure safety within the agency. David Voelker, Zero Trust Architecture Lead at the Department of the Navy echoes this statement. While the Zero Trust Portfolio Office set their DoD-wide Zero Trust adoption target as the end of fiscal year 2027, Flank Speed is already operational. Voelker notes that the Flank Speed configuration could be lifted and shifted to other customers in the DoD, with a quick deployment time of under 24 hours. Mr. Voelker also recommends automating this shift.

Carahsoft and our vendor partners offer several cybersecurity solutions to help Government agencies implement Zero Trust architectures that protect critical information and reduce national security risk. Our offerings align with Public Sector Zero Trust maturity models developed by NIST, the DoD and CISA.

Carahsoft, TechNet, blog, embedded image, 2025

2. How Mission Objectives Drive Acquisition

Acquiring powerful, up-to-date technology enables the DoD to protect against persistent and increasingly sophisticated cyber-attacks. The DoD aims to streamline its procurement process to maintain pace and safeguard against attacks. In the session “DoD Software Modernization Senior Steering Group,” speaker Sean Brady, Senior Lead for Software Acquisition Enablers at the Office of the Undersecretary of Defense (Acquisition and Sustainment), explained that there are two key drivers to this transformation. The first is mission objectives; software should be tailored to allow the DoD to adapt its systems to rapidly changing threats. The second is access to commercial innovation, which allows the DoD to access products in weeks or months rather than years.

3. Digital Transformation for Operational Effectiveness

Digital transformation in the DoD is crucial for maintaining pace with an increasingly technology-driven security environment. Thomas W. Simms, Principal Deputy Executive Director for Systems Engineering and Architecture at the Office of the Under Secretary of Defense for Research and Engineering, discussed the major digital transformation efforts within the DoD.

The main four are:

Modular Open Systems Approach (MOSA), a congressional requirement that integrates technical and business strategies to promote acquisition and drives modular designs

The DoD’s Digital Engineering Instruction, which requires programs to use digital engineering in their design process

Application Program Interfaces (APIs), a ruleset that allows communication between software applications and is driven by the DoD’s API guidebook, which enables the DoD to become more data-centric

The DoD’s System Engineering Guidebook, which is currently undergoing an update to incorporate guidance from the Secretary of Defense’s latest memos

By modernizing legacy systems and enabling the DoD to acquire the newest and greatest in IT, these initiatives enhance operational effectiveness and improve decision-making speed.

4. Fast-Tracking Authority to Operate (ATO)

In the defense industry, technology must be approved to mitigate security risks. The Software Fast Track (SWFT), a process that expedites software verification within the U.S. Government, is changing the way the DoD manages risks and conducts Authority to Operate (ATO). Contractors can get involved with the latest software acquisition and risk management changes by participating in the three recently released requests for information (RFIs).

These RFIs, which close May 20^th, are:

RFI – Software Fast Track (SWFT) Tools

RFI – Software Fast Track (SWFT) External Assessment Methodologies

RFI – Software Fast Track (SWFT) Automation & Artificial Intelligence (AI)

Katie Arrington, the Acting DoD Chief Information Officer (CIO), also discussed the Software Fast Track (SWFT) set to launch on June 1^st of this year. The initiative will replace the traditional Authority to Operate (ATO) structure and add a few requirements, such as third-party Software Bill of Materials (SBOM), third-party risk assessments and the population of Enterprise Mission Assurance Support Service (eMASS) with artifacts. Once these guidelines are in place, contractors will gain a Provisional ATO.

Ms. Arrington attests that these changes will revolutionize the Risk Management Framework (RMF) by allowing industry experts to provide feedback to the DoD. Paper compliance isn’t enough anymore, Ms. Arrington says. The DoD is looking for “continuous monitoring, red-teaming and people to continually evaluate their capability.”

She also added that the DoD will be sunsetting the Approved Products List (APL). Additional sponsor additions are no longer being accepted. Instead, the SWFT initiative will take over, establishing a “trust, but verify” procedure, promoting both security and swift ATO action.

5. Using Interoperability to Pitch to DoD

As operations increasingly move online, interoperability becomes increasingly important to efficiency and accessibility. Venice Goodwin, the outgoing CIO for the Department of the Air Force, offered advice to industry professionals on navigating changes within DoD. Goodwin recommends that the industry practice “extreme teaming;” rather than service each department individually: vendors should focus on servicing the DoD as a whole. As the DoD prioritizes capabilities that have cross-departmental benefits, industry experts should demonstrate the effectiveness of their capabilities and solutions in every domain across land, sea, air and space. With this collaboration, both the Private and Public Sector can get the results they need.

The digital transformation journey within the Department of Defense represents not just an evolution of systems, but a commitment to defending interests at home and abroad. Acquisition, ATO and Zero Trust are all valuable assets to maintaining pace with the current, constantly evolving technological climate, ensuring the United States carries out its mission of protecting the nation.

To learn more about mission-critical technology, visit Carahsoft’s defense portfolio to explore solutions showcased at TechNet Cyber. For additional research into the key takeaways that industry and Government leaders presented at TechNet Cyber, view Carahsoft’s full synopsis of key sessions from the tradeshow. 

The Top CMMC Events for Government and the DIB in 2025

Posted on by Alex Whitworth

With the release of the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework, 2025 marks a pivotal year for education, collaboration and implementation across the Defense Industrial Base (DIB). As compliance standards evolve, this year’s lineup of CMMC-centric events offers defense contractors, cybersecurity professionals and Government stakeholders unparalleled opportunities to deepen their understanding, explore new solutions and engage directly with policy leaders and technology providers. Below is a preview of the key events shaping the CMMC landscape in 2025—and how Carahsoft and our partners are helping to drive the conversation forward.

CEIC West

May 21-23 | Las Vegas, NV | In-Person Event

CEIC West 2025, the official conference of The Cyber AB, is the premier event for defense contractors and cybersecurity professionals focused on implementing the CMMC 2.0 framework. Hosted by Forum Makers, this conference offers practical strategies to help organizations achieve compliance and secure their place in the DIB. Attendees will benefit from expert-led sessions, hands-on workshops and networking opportunities with key figures from the DoD and The Cyber AB. Additional highlights include pre-conference training, the Women of CMMC Dinner and the Tech for Troops Golf Tournament. Learn how to close security gaps, manage costs and tackle the real-world challenges of CMMC compliance at CEIC West 2025.

Sessions to look out for:

Keynote: “Protecting CUI, Federal Contractors and the Future of CMMC” feat. Katie Arrington, CIO, DoD

“CMMC Beyond the DoD: Preparing for a Broader Compliance Landscape”

Carahsoft will present a Solutions Showcase spotlighting a group of partners that provide CMMC compliance tools tailored for the DIB. Numerous resources and solutions providers —including those in Carahsoft’s “Solutions Showcase” such as Cyturus, Lifeline Data Centers, Axonius Federal Systems, ISI Defense and Paramify— will be available for attendees seeking to learn more about CMMC and Carahsoft’s role in the program. Join us at the pre-conference golf tournament as Carahsoft is proud to be the Beverage Sponsor of this charitable event!

Carahsoft CMMC Webinar Series

July 29-31 | Virtual Event

Carahsoft upcoming webinar series offers a comprehensive look at the latest updates to the CMMC program, providing DIB stakeholders with the insights needed to achieve and maintain compliance. Through a series of expert-led sessions, participants gain a clear understanding of the CMMC framework and learn how to implement effective cybersecurity practices aligned with Federal requirements. Whether you are just beginning your compliance journey or looking to strengthen your existing posture, this series delivers actionable guidance for all levels of the CMMC compliance journey.

The Carahsoft CMMC Webinar Series will feature a number of partners to share insights and offer practical solutions for achieving compliance. Check out our website for more information and to register as we get closer to the event date.

National Cyber Summit

September 23-25 | Huntsville, AL | In-Person Event

The National Cyber Summit 2025 is the nation’s most innovative cybersecurity technology event, offering unique opportunities for education, collaboration and workforce development. Hosted by the North Alabama Chapter of the Information Systems Security Association (NAC-ISSA), Cyber Huntsville Corporation (CHC), Auburn University Research and the University of Alabama in Huntsville, the summit brings together participants from Government, industry and academia. Attendees can expect a comprehensive agenda featuring expert-led sessions, hands-on training and valuable networking designed to foster collaboration and innovation across the cybersecurity landscape. With its strong emphasis on advancing best practices and protecting national interests, the National Cyber Summit remains a must-attend event for the cybersecurity community.

Carahsoft will host a Partner Pavilion highlighting trusted technology providers focused on CMMC compliance solutions for the DIB. This space will serve as a hub for attendees to explore Carahsoft’s extensive lineup of solutions providers and educational resources, offering access to experts and compliance tools.

CEIC East

November TBD | Location TBD | In-Person Event

CEIC East, presented by the CMMC Implementation Conference (CIC) in partnership with The Cyber AB, is designed to immerse attendees in the defense supply chain cybersecurity ecosystem. This conference brings together industry experts, defense contractors and IT leaders to provide comprehensive guidance on achieving compliance with CMMC 2.0, NIST 800-171 and DFARS regulations. Featuring expert-led sessions, real-world case studies and technical breakouts, CEIC East offers valuable insights into securing CUI and FCI. The event also includes networking opportunities and an exhibitor hall showcasing the latest cybersecurity technologies and solutions

Carahsoft will have a Solutions Showcase for partners that provide CMMC compliance solutions to the DIB. This showcase will provide attendees with a hands-on opportunity to explore Carahsoft’s expansive network of compliance-focused technologies and gain insights into the tools, services and support available to guide them through every phase of their CMMC journey.

DoDIIS

December 7-10 | Fort Lauderdale, FL | In-Person Event

The 2025 Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference is a premier event that brings together senior decision-makers, technical experts and innovators from the DoD, Intelligence Community (IC), industry, academia and Five Eyes (FVEY) partners. This immersive conference offers a unique platform for collaboration and knowledge sharing, focusing on the integration across the IC and the rapid development and deployment of mission-focused solutions. Attendees will have the opportunity to engage with a comprehensive selection of sessions, interact with a broad range of leaders and showcase solutions addressing issues impacting mission users. The event also features dynamic speakers, innovative technologies and networking socials, providing an invaluable experience for all participants.

Carahsoft, Top CMMC Events, blog, embedded image, 2025

Carahsoft will host an expansive Partner Pavilion highlighting cutting-edge technologies that support defense and intelligence missions. Within this space, our Cyber booth—located in the Vertical Alley”—will feature a demo station from our CMMC team.

CMMC Day

May 5, 2026 | College Park, MD | In-Person Event

Join industry leaders at the 6^th annual CMMC Day 2026, where the Defense Industrial Base (DIB) will come together to navigate the shift from compliance to competitiveness under CMMC 2.0. With over 300,000 U.S. Government subcontractors soon to be impacted, this one-day conference offers essential insights into the CMMC framework’s wide-reaching implications for Federal supply chain security. CMMC Day delivers expert-led sessions from the National Institute of Standards and Technology (NIST), the National Information Assurance Partnership (NIAP), the National Security Agency (NSA) and other key players, guiding attendees through NIST 800-171, foundational cybersecurity standards and the maturity model’s evolving requirements.

Whether you are a product vendor, integrator, testing lab or Government official, you will gain actionable knowledge, connect with the full industry value chain and leave better equipped to assess, prepare and certify under the new framework.

Carahsoft is looking forward to showcasing our partners who deliver innovative CMMC compliance solutions for the Defense Industrial Base at CMMC Day 2026. The event will spotlight Carahsoft’s broad portfolio of resources and solution providers, making it a must-attend opportunity for those preparing for or advancing their role in the CMMC ecosystem.

CS2 Reston

May 6-7 | Reston, VA | In-Person Event

The Cloud Security and Compliance Series (CS2) Reston, hosted by Summit 7, brings together defense contractors and IT leaders to learn about Federal cybersecurity requirements. With the CMMC rule now published, the CS2 Reston delivers critical guidance on achieving compliance with CMMC 2.0, NIST 800-171, Defense Federal Acquisition Regulation Supplement (DFARS) 70 Series—7012, 7019, 7020—and International Traffic in Arms Regulations (ITAR), as well as securing Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Featuring expert-led sessions, real-world case studies and technical breakouts, the agenda includes speakers from The Cybersecurity Assessor and Certification Body (Cyber AB), Microsoft, Summit 7 and others. CS2 Reston is a must-attend event for Chief Information Security Officers (CISOs), IT administrators and compliance professionals seeking practical insights and peer connections in the evolving defense cybersecurity landscape.

Carahsoft will exhibit at CS2 Reston, engaging with attendees interested in learning more about our cybersecurity solutions portfolio and educational resources. Look out for our 2026 involvement on our website.

SOF Week

May 5-8 | Tampa, FL | In-Person Event

SOF Week is the premier global gathering for the Special Operations Forces (SOF) community. Jointly hosted by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, this annual event brings together over 19,000 attendees—including SOF operators, defense industry leaders, policymakers and international partners—to collaborate on advancing the future of special operations. Attendees can expect a dynamic agenda featuring senior keynotes, breakout sessions, live demonstrations and a multi-venue exhibition showcasing cutting-edge technologies. SOF Week offers unparalleled opportunities to network, learn and contribute to the global SOF mission.

Carahsoft will host a large Partner Pavilion at SOF Week 2026, where attendees can explore a wide range of mission-focused technologies from our partners. Look out for more information about our involvement in 2026 on our website.

TechNet Cyber

May 6-8 | Baltimore, MD | In-Person Event

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA) International, is a premier event uniting military, Government, industry and academic leaders to tackle the ever-evolving challenges in cyberspace. The conference emphasizes collaborative strategies to strengthen cyber resilience and outpace adversaries. Attendees will gain valuable insights from top officials at United States Cyber Command (USCYBERCOM), the Defense Information Systems Agency (DISA), the Department of Defense Chief Information Officer (DoD CIO) office and other key agencies. Sessions will cover zero trust architecture, artificial intelligence (AI) integration and cyber workforce development. Featuring a robust exhibit hall and targeted networking opportunities, TechNet Cyber offers a comprehensive platform for driving cybersecurity innovation across the Public and Private Sectors.

Carahsoft will host a Partner Pavilion showcasing cybersecurity solutions from our leading technology partners such as Cyturus. Check out our website as we look forward to our 2026 involvement.

Looking Ahead:

Whether you are just beginning your CMMC journey or looking to enhance your existing compliance strategy, these 2025 events provide a critical forum for insight, innovation and connection. With each event tailored to address the most pressing challenges facing the DIB, participants can expect actionable takeaways, hands-on demos and valuable discussions with experts across Government and industry. Carahsoft is proud to support these initiatives through our presence at each event, along with our robust ecosystem of CMMC-focused partners and resources.

Explore Carahsoft’s full CMMC solutions portfolio and learn how we can help support your compliance efforts.

Nutanix AHV and Rubrik’s Layered Security – The Key to System Resilience and Efficiency

Posted on by Tom Bisbee, Gabriel Flores and Brett Atha

Protecting critical infrastructure from cyber threats and ensuring business continuity in the face of disasters is a top priority for organizations today. Luckily, Nutanix AHV, a modern, secure virtualization platform that powers and enhances virtual machines (VMs), can help. Rubrik’s integrated solutions fortify AHV environments against ransomware attacks and enable efficient disaster recovery. By leveraging features like immutable backups, anomaly detection and on-demand cloud-based disaster recovery, organizations can enhance their cyber resilience and minimize the impact of disruptive incidents.

A Simple and Secure Path to VM Management

Nutanix AHV is simple to use and secure by design. The platform works through a centralized control plane, where AHV is integrated into a single application programming interface (API). This eradicates a complicated setup on the customer side. By maintaining constant management and a virtualization layer, Nutanix AHV allows organizations to fulfill mission objectives.

Nutanix AHV features several built-in security features, such as micro-segmentation, data insights, audit trails, ransomware protection and data age analytics.

Nutanix features:

Built-in, self-healing abilities protect against disk failure, node failure and more
A vulnerability patch summary automatically alerts users about susceptibility risks and anomalies that need to be addressed
A life cycle manager provides readmittance testing and deployment testing
More than one copy of backup data, ensuring that users do not lose valuable information
Multi-site replication including to and from the public cloud.

Securing data in Nutanix AHV requires more than just the basic perimeter defenses, but a multi-layered strategy. With Rubrik’s data protection abilities, which include immutable backups, automatic encryption and logical air-gapping, agencies and organizations can recover information within minutes and resume mission objectives in the event of a breach.

Securing Data with Rubrik’s Rapid Recovery Abilities

Rubrik, a security cloud solution provider that keeps your data resilient, enables the near-instant recovery of virtual machines and data within the Nutanix AHV environment. Rubrik provides multiple recovery options within AHV, such as file-level recovery, live mount, export, mount virtual disks and downloadable virtual disk files. Through Rubrik, businesses can recover files from older hypervisors into newer AHV environments without having older hypervisors online. Once granted access to the AHV environment, Rubrik automatically discovers and integrates protocols and base level policies for VMs. Rubrik’s recovery process restores data in minutes, regardless of VM size. As VMs get larger and larger, frequently hitting 50 terabytes, this speedy and precise response empowers organization’s incident response plans to be swift and efficient. After scanning the meta data, users are granted file level recovery after anomaly detection, allowing users oversight on affected data.

As the data that organizations manage grows exponentially, data security becomes critical to business functions. Rubrik offers comprehensive data security, continuously monitoring and remediating data risks within the network.

Through Rubrik, businesses can recover files from older hypervisors into newer AHV environments without having older hypervisors online. Once granted access to the AHV environment, Rubrik automatically discovers and integrates protocols and base level policies for VMs.Rubrik’s recovery process restores data in minutes, regardless of VM size. As VMs get larger and larger, frequently hitting 50 terabytes, this speedy and precise response empowers organization’s incident response plans to be swift and efficient.After scanning the meta data, users are granted file level recovery after anomaly detection, allowing users oversight on affected data.

Rubrik also provides constant monitoring for backups. Typically, businesses do not regulate data backlogs, which increases the likelihood that they miss attackers that sit in the system environment for a few days before collecting data. With Rubrik’s threat monitoring and hunting, organizations can search through backups and detect when an anomaly entered the environment. Through Nutanix and Rubrik’s integration, IT teams can reduce complexity, gain oversight, cut down on operational costs and improve resiliency and efficiency.

Automation: The Key to a Proactive Incident Response

Modern cyber threats require a proactive approach to incident response. With automation and orchestration, facilitated by the combined capabilities of Nutanix and Rubrik, organizations can detect, respond to and recover from cyber incidents more efficiently.

Rubrik has a built-in anomaly detection, which searches protected data for strange behavior, such as mass deletion or encryption. As the volume of data on a network increases, organizations often have sensitive data they are not actively monitoring or even know sensitive data maybe exposed. Rubrik clusters are always scanning protected data for anomalies, sensitive data, and known IOC’s allowing customers to select resolution options, such as isolating compromised VMs, or the ability to restore product systems from last known good copies.

Readiness impacts recovery time, and recovery time impacts organization operations. Nutanix AHV’s recovery organization authorizes IT teams to organize VMs into a set of templates, which can be used to create blueprints and launch application recovery. Nutanix also provides organizations with the flexibility to apply policy to each workload, taking control of network security and BC/DR policy with VM level granularity. By allowing organizations to map out their application owners, Nutanix AHV enables businesses to move from a reactive to a proactive security posture, minimizing the impact of attacks and ensuring swift recovery.

Nutanix and Rubrik’s integration creates a powerful security and operational synergy, empowering organizations with the tools they need for network safety and, if necessary, a swift and comprehensive restoration of critical systems, empowering organizations to resume business missions. Nutanix AHV enables organizations to reduce complexity, improve security and achieve a higher level of resilience and operational efficiency.

To learn more about how Nutanix AHV and Rubrik’s integration delivers streamlined data protection, rapid recovery and robust incident response capabilities, watch our webinar, Fortifying AHV: Cyber Recovery and Incident Response with Nutanix and Rubrik.

The Top Geospatial and Space Tech Events for Government in 2025 and Beyond

Posted on by Lacey Wean

Geospatial and space technologies are revolutionizing how Government agencies leverage location-based data, modern mapping platforms and advanced analytics to drive mission-critical decisions. From enhancing national security to improving infrastructure and environmental monitoring, these tools empower agencies to innovate and collaborate. In 2025 and beyond, Carahsoft and our vendor partners are excited to support Government professionals at premier events showcasing the latest advancements in geospatial and space tech. Join senior leaders, policymakers and IT experts to explore cutting-edge solutions and forge strategic partnerships. Below, we highlight top upcoming events.

SOF Week

May 5-8, 2025 | Tampa, FL | In-Person Event

SOF Week is the premier annual gathering for the international Special Operations Forces (SOF) community, jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation. The event serves as a critical platform for fostering collaboration, innovation and excellence in modern special operations. Attendees will gain unique insights into the latest advancements in SOF capabilities, tactics and technology. The event attracts over 19,000 participants drawing SOF professionals, industry leaders and Government stakeholders from around the world.

Keep an eye out for the USSOCOM Annual Awards Ceremony. A highlight of the week, this awards dinner honors outstanding contributions to the SOF community and celebrates its achievements.

Join Carahsoft at its SOF Week exclusive pavilion alongside our technology partners, and do not miss our networking reception on Wednesday, May 7, 2025, from 6:00pm – 9:00pm at The Florida Aquarium.

GEOINT Symposium

May 18-21, 2025 | St. Louis, MO | In-Person Event

Hosted annually by the United States Geospatial Intelligence Foundation (USGIF), the GEOINT Symposium is the nation’s largest gathering of geospatial intelligence professionals, drawing over 4,000 attendees. Attendees will explore the intersection of technology and security, addressing challenges and opportunities in today’s complex geopolitical landscape. The event features industry-leading keynote speakers, main stage panels and hands on training workshops covering topics such as mission planning, precision timing and navigation, enhancing your practical skills and knowledge in geospatial intelligence applications.

This year’s theme, “Building a Secure Tomorrow Together,” will feature prominent keynote speakers, including The Honorable Tulsi Gabbard, Director of National Intelligence (DNI), VADM Frank “Trey” Whitworth, Director of the National Geospatial-Intelligence Agency, and General B. Chance Stalzman, Chief of Space Operations, US Space Force.

Carahsoft will have a significant presence at GEOINT 2025, featuring a pavilion with partner demos throughout the show. Connect with industry professionals at Carahsoft’s networking reception on Tuesday, May 20, at The Post Building, which will feature food and music.

GeoGov Summit

September 8-10, 2025 | Herndon, VA | In-Person Event

The GeoGov Summit is an annual forum that brings together leaders and experts from Government, industry, organizations and academia to advance the national geospatial strategy. The summit focuses on the evolving role of geospatial technologies in Governance, national security, infrastructure and public services. It serves as a platform for policymakers, technology providers and geospatial professionals to collaborate on improving data-driven decision making, enhancing interoperability and strengthening the National Spatial Data Infrastructure (NSDI).

Carahsoft is looking forward to attending and sponsoring the GeoGov Summit, along with our geospatial partners.

FOSS4G NA

November 3-5, 2025 | Reston, VA | In-Person Event

Free and Open Source Software for Geospatial North America (FOSS4G NA) is the premier open geospatial technology and business conference, offering a vibrant and welcoming atmosphere for technologists, end-users, academics and decision-makers. Attendees can look forward to a diverse program featuring presentations, workshops and networking opportunities that highlight the latest advancements in open source geospatial software and applications.

This event will feature:

Insights from leading experts in the geospatial field, who will discuss current trends and the future direction of open source geospatial technology.
Hands on workshops where attendees will have the opportunity to engage directly with open source geospatial tools and applications, enhancing their technical skills and knowledge.

Carahsoft is proud to sponsor FOSS4G NA 2025, supporting the growth of open geospatial technologies. With deep expertise in open source technologies, Carahsoft partners with top providers to deliver secure, scalable solutions that enhance operational efficiency and situational awareness.

CyberSat

November 17-20, 2025 | Reston, VA | In-Person Event

The CyberSat Summit is a key gathering dedicated to addressing cybersecurity threats and defenses in the satellite and space sectors. Since its inception in 2017, it has brought together satellite, space and cybersecurity professionals alongside Government, military and intelligence officials to discuss emerging technologies like artificial intelligence (AI) security, Zero Trust frameworks and quantum encryption. The SpaceInformation Sharing and Analysis Center (Space ISAC) will host a live tabletop exercise, testing incident response skills in a crisis simulation. Attendees can expect technical tracks on securing satellite networks, mitigating AI-driven threats and enhancing cyber resilience. Join the policy makers, threat analysts and engineers shaping the future of space security at this must-attend event!

Sessions to Look Out for:

Unclassified Program (November 17-18): Two tracks focused on real-world case studies, system-level security challenges and in-depth technical approaches to combat emerging cyber risks
Classified Program (November 19-20): This segment, held at the Aerospace Corporation’s Sensitive Compartmented Information Facility (SCIF) in Chantilly, VA, will cover a range of topics, including counterspace cyber applications of AI, threats to the supply chain, improving cyber resiliency in space and directed energy detection for satellite sensors.

Carahsoft is looking forward to exhibiting at the CyberSat Summit, along with our geospatial, space, AI and cyber partners.

Geography 2050

November 20-21, 2025 | New York City | In-Person Event

Geography 2050 is the American Geographical Society’s annual symposium, held in partnership with the Columbia Climate School. The 2025 theme, “The Future of GeoAI and the Planet,” will explore the convergence of geospatial technologies and artificial intelligence (GeoAI) and their transformative impact on understanding and addressing global challenges. Attendees will engage with experts from Government, industry, academia and non-profits to discuss how GeoAI can enhance our ability to monitor, predict and respond to environmental and societal changes. The symposium aims to foster a strategic dialogue on leveraging GeoAI for sustainable development and planetary stewardship.

This event will feature:

“GeoAI Foundation Models,” a session that delves into the development of comprehensive GeoAI foundation models that are capable of processing vast amounts of geospatial data to provide actionable insights.
“GeoAI and Glimpsing into the Future,” a session where experts will discuss how GeoAI enhances predictive modeling to anticipate future environmental and societal changes, aiding in proactive decision-making.
“Plenary Session” with Jack Dangermond, where Esri’s founder and president will discuss the latest trends in Geographic Information System (GIS), advancements in GeoAI and the future of location intelligence.
Technical workshops, where attendees will gain hands-on experience with Esri’s newest tools, including ArcGIS, AI-powered GIS workflows and spatial data science applications.
User presentations, where attendees will learn how Government agencies and enterprises are leveraging GIS to solve real-world challenges in disaster response, national security and smart city planning.

Carahsoft is proud to support the geospatial community by partnering with leading vendors to provide innovative solutions in GeoAI and geospatial technologies. We look forward to participating in Geography 2025 this year!

Geo Week

February 16-18, 2026 | Denver, CO | In-Person Event

Geo Week is a premier conference focused on the integration of geospatial technologies, the built environment and 3D innovations. This annual conference brings together professionals from geospatial, architecture, engineering, construction (AEC) and related industries to explore advancements in technologies like Light Detection and Ranging (LiDAR), photogrammetry, remote sensing, reality capture and AI.

The event features over 200 speakers and 50+ sessions, including keynote presentations, educational workshops and product previews.

Carahsoft is excited to sponsor and exhibit alongside our geospatial partners and network with attendees across the industry.

SATELLITE 2026

March 23-26, 2026 | Washington, D.C. | In-Person Event

For more than 40 years, the SATELLITE Conference & Exhibition serves as a major gathering for the satellite, space and defense industries, bringing together professionals from around the globe to discuss the latest advancements, challenges and trends in the field. The conference features a comprehensive program that includes keynote addresses from expert speakers, engaging panel discussions and networking opportunities with industry leaders and peers, fostering collaboration and innovation.

We look forward to sponsoring and having a booth at Satellite 2026 to showcase how Carahsoft is supporting the industry in the space, satellite and defense industries.

FedGeoDay

April 2026 | Washington, D.C. | In-Person Event

FedGeoDay is the premier event dedicated to Open Geospatial Ecosystems within the U.S. Federal Government. This event provides attendees the opportunity to engage with Federal program managers, technology leaders, industry partners and organizations to share ideas, learn and network. The event includes presentations, workshops and networking sessions aimed at fostering collaboration and innovation in the geospatial community.

Carahsoft is proud to be a sponsor of FedGeoDay, reinforcing our commitment to advancing open geospatial technologies across the Public Sector. Look out for updates on our presence in 2026 on Carahsoft’s website.

Space Symposium

April 13-16, 2026 | Colorado Springs, CO | In-Person Event

2026 will mark the 41^st Space Symposium! Over 10,000 space professionals and decision makers from commercial, Government and military sectors will gather to discuss critical issues, policy updates, innovative solutions and industry trends across the space community. The event will include expert panels, keynote addresses and networking opportunities with the top minds in the field. The Space Symposium is the number one international space event that is shaping the future of space exploration and technology.

Carahsoft is looking forward to sponsoring and exhibiting at the 41^st Space Symposium.

Sea-Air-Space

April 19-22, 2026 | National Harbor, MD | In-Person Event

The Navy League of the United States (NLUS) Sea-Air-Space is the largest annual maritime exposition in North America. Attendees across Government and industry gather for innovative and educational discussions on advancements in maritime, naval and security technologies that will strengthen the future of the sea services. The event features informative sessions, policy discussions and 400+ exhibitors—from startups to Fortune 500 companies—showcasing the latest tech in the maritime field.

Carahsoft is looking forward to showcasing our Aerospace and Maritime technology solutions and partner ecosystem as part of the Carahsoft Partner Pavillion.

Looking Ahead:

The geospatial and space tech landscape is evolving rapidly, with GeoAI, precision navigation and cybersecurity at the forefront. As the industry continues to evolve, these events will continue to build momentum. These exciting gatherings will further integrate innovative technologies to address Government needs. Join Carahsoft at these events to explore innovative solutions and connect with industry leaders.

To learn more or get involved in any of the above events, please contact us at Geospatial@Carahsoft.com. For more information on Carahsoft and our industry leading Geospatial and Space Tech technology partners’ events, visit our Geospatial solutions portfolio.  

Sea-Air-Space 2025: Top 6 Insights on AI, Readiness and More

Posted on by Mike McCalip

Sea-Air-Space, the premier maritime exposition of the United States, is an educational hub for defense industry leaders, Government leaders and top military decision-makers to network and discuss the latest insights and advancements in the maritime and space domains. 

Joined by over 40 of our technology partners, Carahsoft showcased solutions on cybersecurity, cloud computing, artificial intelligence (AI) and more at Sea-Air-Space 2025, providing customers the opportunity to engage with and explore technologies designed to enhance the efficiency of mission objectives. 

This year’s conference featured six key themes for attendees to explore.

1. Integrating Artificial Intelligence into Maritime Missions

The efficiency of AI enhances the speed and accuracy of decision-making, providing real-time insights for Sea Service personnel. Integrating AI and other autonomous systems into military operations can satisfy the critical need for close collaboration between the technology industry and the defense sector. Speakers at Sea-Air-Space discussed the importance of finding practical applications of AI, machine learning (ML) and automation across warfighting, business processes, logistics and readiness. 

Major General of the United States Marine Corps, Matthew Glavy, spoke about the Marine Corps’ strategic use of AI. Presently, there is a “campaign of learning” aimed at aligning training and acquisition with AI capabilities. One goal is integrating algorithm management and scalability into AI training. Another is finding AI that functions in harsh maritime environments to improve warfighter’s abilities. Speakers stressed that AI is not just a tool for the future, but a present-day necessity that enables the Sea Services to significantly enhance the effectiveness, precision and longevity of their platforms and operations. With AI’s ability to detect and respond to cyber threats, the nation can better maintain its strategic defense edge.  

2. Preparing Data for Mission Readiness 

Currently available technology, assets and resources can be used to prepare data for future missions. As data can be used to enhance awareness amongst combat environments, sourcing data from diverse sources is vital to developing logistics systems for operations. 

Autonomous systems can be used to collect and translate data into actionable insights, enabling the Sea Services to improve operational readiness, extend lethality and respond swiftly at the tactical edge. The usability of data is just as important as having a diverse source. 

Technology with visualization tools, such as user-friendly dashboards, make data more accessible and predictive. This readability enables forces to anticipate failures, identify vulnerabilities and make data-driven decisions that impact mission readiness, ensuring personnel are equipped to outpace evolving threats.  

3. Maintenance for Operational Readiness 

Readiness is critical to maintaining a competitive edge. The United States Navy’s aims to achieve and sustain 80 percent combat surge ready posture for ships, submarines and aircraft by 2027. To accomplish this, platforms must be maintained and enhanced with the newest technology to ensure they are up-to-date and at their best capacity. Novel approaches to training, manning, and sustainment can all improve force readiness.  

In the session “Ready Our Platforms,” panelists discussed tips on the path to maintain pace with this goal. 

Sea Service personnel should: 

Engage with maintenance initiatives to strengthen planning, execution and partnerships to improve on-time delivery

Take boats out of public shipyards in a timely fashion to ensure combat readiness

Invest in original equipment manufacturing for maintenance work and quality assurance

Review and update the Navy’s acquisition strategy to better acquire services for systems with diminishing subject matter expertise

Increase the number of structural engineers embedded with maintenance teams to enable faster technical resolution of issues

Create a dedicated force to focus on material ordering and provisioning for major maintenance efforts

By embracing a proactive approach to training, manning, modernization and sustainment, the U.S. Navy can ready and bolster its force to improve combat readiness. 

4. Enhancing Security Through Space Systems 

To maintain its competitive edge, the Sea Services must strategically utilize all available assets, including space. In the session “The Critical Role of Industrial Space Assets in Maritime Security,” speaker John Hill, the assistant Secretary of Defense for Space Policy and the Deputy Assistant Secretary of Defense for Space and Missile Defense (PTDO) at the Department of Defense (DoD), discussed the five foundational space mission areas: generating, processing, storing, transporting and protecting data. By aligning mission objectives across the Space Force, Space Command and other relevant forces, the Sea Services can maintain pace with industry goals. Affordable, proliferated space systems and high-value technology can enhance maritime security by providing resilience and durability against emerging threats. By taking a proactive approach to innovation, the defense sector can leverage industry momentum and accelerate capability development.  

5. Innovation With Enterprise Solutions

To support innovation and experimentation, the Sea Services aim to move from traditional procurement models towards modern, iterative approaches that empower operational commands and developers to co-create solutions in real time. 

The key strategies in this shift include: 

Using agile methodologies and continuous delivery pipelines

Giving operational teams authority to drive mission-specific solutions

Building open, modular systems with interoperability standards that allow for adaptable integration that maintains pace with threats and mission priorities

Involving end users throughout the process, ensuring that the burden of integration at scale does not fall to combatants

Providing consistent funding that supports innovation and experimentation

Fostering a culture that accepts measured risk and supports transformation

By decentralizing development and giving operational teams the authority to drive mission-specific solutions, the Navy aims to collapse development timelines, remove bureaucratic friction and deliver high-impact capabilities faster. The initiative provides persistent, mission-aligned funding streams that support innovation and experimentation without excessive risk aversion, creating pathways for scalable solutions at the pace of technological advancement. 

6. A Dive into Maritime Initiatives with Francis Rose

A special Sea-Air-Space 2025 edition of Francis Rose’s Fed Gov Today explores the critical convergence of maritime security, technology and strategy in today’s evolving global environment. An interview with Vice Admiral Andrew Tiongson, Commander of the U.S. Coast Guard Pacific Area, discussed how the Sea Services have increased presence and coordination along the West Coast to counter maritime border incursions. Melissa Carson, Vice President and General Manager at Iron Mountain Government Solutions, highlights the critical need for structured data governance to enable effective AI-driven defense operations. Dr. Abbie Tingstad, Research Professor at the U.S. Coast Guard Academy, underscores the strategic importance of maintaining multi-domain presence in the Arctic through international partnerships, as environmental shifts and great power competition reshape polar governance. These insights collectively demonstrate how technological modernization, AI literacy, data readiness and strategic partnerships are essential for securing maritime domains against complex threats.

Reliable, adaptable and verifiable technology enables the Sea Services to fulfill mission objectives. By leveraging today’s technologies to meet resource needs, extend the lifecycle of critical assets and enhance mission readiness, the Sea Services continue to outpace evolving threats and uphold its promise to protect the nation. 

To learn more about innovations amongst the Sea Services, visit Carahsoft’s defense portfolio to explore solutions showcased at Sea-Air-Space. For additional research into the key takeaways that industry and Government leaders presented at Sea-Air-Space, view Carahsoft’s full synopsis of key sessions from the tradeshow.

Modernizing the Department of Defense’s Authorization to Operate Process For Agility

Posted on by Danielle Metz

What is the National Defense Authorization Act?

Since 1961, the National Defense Authorization Act (NDAA) has authorized funding levels and provided authorities for the U.S. military and other critical defense priorities, ensuring America’s forces have the resources they need to carry out their missions.

Authority to Operate

A barrier that exists for technology companies is obtaining an Authorization to Operate (ATO) for their software applications, services, and or platform capabilities. The ATO process can be challenging, tedious, and unpredictable, with varying costs and timelines. This process is particularly cumbersome and incongruent with the dynamic nature of software deployment. Once the ATO hurdle is cleared, technology companies face their next challenge: continuous monitoring and associated updates. Every major software update must be run through a compliance process. This poses significant challenges for both the software company and the government end-user. It prohibits the timely and continuous resolution of issues and prevents the government from leveraging the latest and most cutting-edge version of an application.

“Presumptive reciprocity” in the context of the National Defense Authorization Act (NDAA) refers to a provision mandating that if one Department of Defense (DoD) authorizing official has approved a cloud-based platform or service as secure, then other DoD officials should automatically accept that assessment without needing to conduct a separate review. Presumptive reciprocity helps lighten the ATO burden and was recently reinforced in Section 1522 of the FY25 NDAA. Enabling another DoD organization to take an ATO for their software application, services, and or platforms from the Air Force Authorizing Official, for example, and having it accepted by the Navy’s Authorizing Official, greatly reduces the burden on both government accrediting officials and the technology company. Most importantly, the DoD warfighter wins by gaining access to best-in-class capabilities delivered at the speed of relevance, ensuring they can execute their missions effectively.

Second Front Systems DoD Authorization to Operate Blog Chart Image 2025

FY2025 NATIONAL DEFENSE AUTHORIZATION ACT (NDAA) SEC. 1522.

What does the language in Sec. 1522 of the FY25 NDAA on DoD Presumptive Reciprocity entail?

Tasks the DoD Chief Information Officer (CIO) to work with Military Department CIOs to develop and regularly maintain a digital directory of all Authorizing Officials (AOs) across the DoD. Specifically, this database will contain current contact information of the AOs AND list training requirements that must be completed to be certified and perform the duties of an AO.
Identifies the need to establish a policy for “Presumption of Reciprocal Software Accrediting Standards.” The DoD CIO is tasked with creating and implementing a policy for DoD that would require AOs to adopt security analysis and supporting documentation of cloud-hosted platforms, services, or applications that have been approved by another AO in the DoD.
- This policy change will allow for more rapid adoption of cloud-hosted platforms, services, or applications at the corresponding classification level (e.g., CUI, Secret, Top Secret) with the existing approval conditions and no further authorization or approval reviews required.
- The policy will include the following:
  - Standardization of security, accreditation, performance, and operational capabilities of the cloud-hosted platforms, services, and applications;
  - A digital workflow to document acceptance by/among the mission owners and system owners to use the operational capabilities from the cloud-hosted platforms, services, and applications; and
  - Define an adjudication process with associated timelines that would allow AOs that disagree with using this policy to present their rationale to the DoD CIO or designated entity for reconciliation.
- The policy applies to the following:
  - ALL AOs in the DoD (Military Department, Defense Agency and Field Activity, and Component).
  - ALL operational capabilities of cloud-hosted platforms, services, and applications that are on public cloud infrastructure and authorized through FedRAMP and DISA AND capabilities in private cloud landing zones managed by the DoD that have been approved by DoD AOs.

The big take away here is that the FY25 NDAA language marks a significant step forward in reducing bureaucratic hurdles for both technology companies and the DoD. By implementing “presumptive reciprocity,” the NDAA streamlines the ATO process, enabling faster adoption of cloud-hosted platforms and services while maintaining rigorous security standards. This policy helps ensure that the DoD can access cutting-edge technology more efficiently, empowering warfighters with the tools they need to execute their missions with speed and precision. As the DoD continues to modernize and adapt to rapidly evolving technologies, these changes pave the way for a more agile, secure, and effective defense ecosystem.

To learn more about Second Front Systems and the National Defense Authorization Act, visit our website and keep up with our latest efforts with the DoD.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Second Front Systems, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Navy Customer Executive: WEST 2025: Top 10 Insights on AI, Cybersecurity and More

Posted on by Mike McCalip

Government leaders, military officials and industry professionals gathered at AFCEA’s WEST 2025 conference to discuss the newest technologies, modern networking capabilities and cybersecurity initiatives that enhance operations within the Sea Services. As a technology provider for the Department of Defense (DoD) and industry experts affiliated with the Navy, Carahsoft and its partners are deeply aligned with the goals of the Navy and Sea Services and is committed to providing mission-critical technologies to keep the country safe. Carahsoft and over 90 of our partners, including Adobe, Appgate, Crowdstrike, Docusign, HashiCorp, Hitachi, Qualys and WIZ joined at WEST 2025 to showcase solutions in artificial intelligence (AI), cybersecurity, DevSecOps, Zero Trust and more.

Check out the action from San Diego, California in our West 2025 recap video!

Here are the top ten insights for the technology industry and Government from this year’s conference.

1. Artificial Intelligence (AI) in the U.S. Navy

There are many opportunities for AI in the Navy, such as the OpenShip Tool and its usage of OpenAI’s Whisper model to translate incoming communications through the Navy’s Very High Frequency (VHF) radios. Remote monitoring can detect issues with technology and support rapid troubleshooting. AI can also be used to predict turnaround time, helping the workforce choose when to prioritize projects and deliver items on time.

AI can simplify operations. PMS 406 unmanned Maritime Systems runs the Unmanned Maritime Autonomy Architecture (UMAA), whose architecture creates a low barrier of entry for operation. With AI, update 6.0 of the UMAA and the Navy’s “Replicator initiative,” which works to field hundreds of autonomous systems by August 2025,” every soldier could operate a drone.

In the session “Fleet AI Deployment,” Lieutenant Artem Sherbinin, the Chief Technology Officer for the U.S. Navy ‘s Task Force Hopper, reviewed the three priority areas for the Navy’s AI usage, which are to:

Outthink adversaries

Enhance administrative work

Maintain goal of keeping 80% of combat surge-ready fleet

By using AI capabilities, the Navy can empower its acquisition force to act efficiently and quickly. Lieutenant Sherbinin also discussed two upcoming projects. Navy warships produce 150TB of data per warship per day. To manage this massive volume of data, the Navy is building a Warfighting Data and AI Ecosystem. This tool’s requirements are being drafted and will be submitted in the upcoming fiscal year, but currently include components such as data extraction, data processing and sensor updates to ships underway. Vendors should keep an eye out for pre-RFPs and RFI opportunities surrounding this capability. The second project is a new Commercial Solutions Offering (CSO), the Surface Lethality CSO. This soon to be released solution will be released through the Defense Innovation Unit on AI for Surface Lethality, and will expedite decision-making and enable the Navy to keep ahead of adversaries.

2. Red Teaming to Improve Cybersecurity

In the session “Leveraging Cloud to Accelerate Unmanned and Autonomous System (UAS) Mission Critical Capabilities,” Allen Mcafee, CTO of Fuse Integration, discussed the desire to increase red teaming—a process for testing cybersecurity by having allied hackers conduct non-threatening breaches—amongst autonomous systems to increase the robust quality of existing programs, especially in the electronic and kinetic fields. Vendors that specialize in cybersecurity solutions for autonomous systems should offer red team services to help solidify UAS security.

3. The Importance of Maritime Trade to Cybersecurity

In the session “Office of Naval Intelligence Brief,” Rear Admiral Mike Brooks, Commander of the Office of Naval Intelligence (ONI), spoke heavily on the criticality of maritime trade and the effect it has on the posture of the Navy. Chokeholds on shipping ports can hinder the economy, and so ONI is placing further emphasis on gathering intelligence in this area to preserve supply chains.

4. DISA’s New Cloud-Based Mission Partner Environment

To address logistic challenges, the Defense Information Systems Agency (DISA) developed a mission partner environment within the cloud. This tool acts as a joint sustainment decision tool and will feature an application hosting platform. DISA will initially host this environment, but is looking for commercial partners to host the platform and ensure its accessibility to all allies and partners.

5. Business Initiatives

The Navy has upgraded its approach to doing business, releasing its Information Superiority Vision (ISV) 2.0. In the initial version, the Navy’s framework for business was “Modernize, Innovate and Defend.” The 2.0 System is:

Optimize – IT teams can integrate new systems and turn off outdated ones

Secure – Personnel should think proactively in the design phase, rather than the more reactive “defend”

Decide – Staff places data into the hands of people who need it

This new system focuses on being proactive and innovative, integrating a focus on the workforce. Vendors should determine how their solutions fit into one or more of these pillars when marketing their technology and solutions.

Carahsoft WEST 2025 Blog Embedded Image 2025

The Navy can learn from all types of industries and technology. Former Commander of the U.S. Pacific Command and Former Ambassador to the Republic of South Korea Admiral Harry B. Harris Jr. recounts an example from the 1930s where the Marine Corps struggled to field a landing craft. The solution came from examining a small civilian craft in the local area, showcasing a “Higgins Boat Moment” where the Marine Corps were able to learn from civilian technologies, highlighting the importance of dual-use technology that is prioritized by the DoD.

Business is fulfilled when employees have bandwidth. In the session “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain Kevin White of the PEO C4I PMW/A 170 Navy Communications and GPS Navigation Program discussed how bandwidth can fall into three different categories: morale, business applications and tactical services. When sailors have excellent bandwidth for morale and business applications, they are more efficient tactically.

The DoD is working on a portal that provides information and education on Small Business Innovation Research (SBIR) and Small Business Technology Transfer (SBTT) programs. This portal assists in creating effective proposals and understanding language and resources. This page, while accessible, is still in development and will continue to be fleshed out in the upcoming weeks.

6. Renewing Technology

In the session “I’m charged with Putting a Flux Capacitor in a 1995 Mazda,” Brigadier General of the U.S. Marine Corps and Commanding General of the Marine Corps Installations West Nick I. Brown mentions that whether it is power systems or IT, infrastructure needs to be in place to accept new technology. Much of the DoD’s infrastructure is build on legacy systems or is out of date and needs to be replaced or upgraded before advanced solutions can be put in place. The U.S. Marine Corps is looking for vendors to help with new technology instillations and upgrading existing infrastructure, especially on the West coast. The U.S. Navy is allocating funds to achieve similar goals. It aims to improve its outdated infrastructure and systems to carry out technology initiatives by the Program Executive Office Digital and support the Navy’s culture of excellence.

In the session “Why Have a Lambo if You Don’t Have the Road?”, Col. Jared Voneida discussed five major areas that DISA is working on:

Building commercial and Government data centers

Improving theater transport and host nation infrastructure

Fortifying existing cybersecurity infrastructure and Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM)

Maintaining command and control of the network

Completing initiatives by 2027

The Colonel also emphasized the need to divest from legacy time division multiplexing (TDM) infrastructure. While AI and machine learning (ML) has a plethora of uses, until AI/ML software divests from TDM infrastructure, DISA cannot utilize it effectively to assist with their network and data. With updated networks and hardware in place, the Navy and DoD can utilize the newest advanced solutions.

7. IT at the Center of the Workforce

To meet the rising demand in recruitment, the Navy has released its new enlisting agent, Robotics Warfare Specialist. With cybersecurity being more at the center of safety, the Navy aims to train more sailors in IT. Additionally, the Navy has released a new enlisted rating, Robotics Warfare Specialist, a new job that helps ensure effective planning and control of autonomous systems.

8. Improving Productivity by Decreasing Troubleshooting

IT and software issues can lead to lost productivity. RAND Corporation, a research and development nonprofit, recently released a report regarding the viral LinkedIn post “Fix Our Computers” that highlighted user experience challenges with IT systems in the DoD. Their report estimated, on the conservative side, $2.5 billion in lost productivity due to IT and software difficulties. The Sea Services aim to increase the user friendliness of software to decrease the time lost to troubleshooting. In the sessions “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain White of the U.S. Navy attributed the largest productivity gaps to IT teams relying on command line programing. Captain White encourages industries to develop more user-friendly systems that do not rely on command lines.

9. Compliance is No Longer Enough

In the session “DON CIO Perspective,” Navy CIO Jane Rathbun states that while Authority to Operate (ATO) tells you how secure a system is at that point in time, it does not encourage the readiness mindset that is optimal for protecting cybersecurity. Rathbun encourages switching to continuous monitoring and authorizations of systems, rather than stopping at ATO compliance. Rathbun specifically noted threat analysis and continuous monitoring as areas vendors might be assessed on in the future.

10. DevSecOps Products that Improve Marine Corps Productivity

The Marine Corps showcased 11 different products manufactured by the software factory product line related to development, security and operations (DevSecOps).

Check out details on the products below:

MyCareer – Supports the Manpower Management Enlisted Assignments (MMEA) and aids Marines by monitoring conversations, providing a virtual queue and matching partners based on data on marine preferences

ItemEyes – Provides marine units with a digitized inventory

Sensor Processing Analysis Radar Translation Application (SPARTA) – Hosts data from radar, automatic identification system (AIS) and unmanned systems all in one user-friendly interface

CRUSADER – Controls, processes and detects radar information in one easy to use library

Real-time Alerting, Interference Detection & Electromagnetic Reporting (RAIDER) – Provides real-time alerts for anomalies detected in the electromagnetic spectrum

All-domain Electromagnetic and Radio Organic Trainer (AeroT) – Helps Marines simulate and visualize their electromagnetic signature

EXODUS – Provides evacuees located abroad with personal services, such as mobile passport processing

TAK Design System – Helps Marines navigate and build plugins for Tactical Assault Kit (TAK)

ReserveHub – Enables Marines to find ideal areas when relocating, boosting retention rates

SnapDB – Analyzes pictures taken by unmanned aerial systems (UAS)

J-Series Message Library, Government Open-Source (JSML) – Translates code into J-Series

Through the developing partnerships between the technology industry and Government as well as Carahsoft and our partners, the DoD can streamline in areas such as artificial intelligence, cybersecurity, DevSecOps, compliance and more. These insights from West 2025 illustrate the Navy and Sea Service’s commitment to continual innovation and maintaining the safety of the nation.

To learn more about cybersecurity and the defense industry, visit Carahsoft’s defense portfolio to explore solutions showcased at AFCEA’s WEST 2025. For additional research into the key takeaways industry and Government leaders presented at WEST, view Carahsoft’s extensive market research brief for a recap.

CMMC Program Executive: How Defense Industrial Base Organizations Can Prepare for the CMMC Program

Posted on by Alex Whitworth

The New CMMC Rule

The security of each organization that supplies goods or services to the Department of Defense (DoD) is of vital importance to the nation’s cyber resilience. The CMMC Program is a part of a holistic initiative by the DoD and Federal Government to enforce cybersecurity standards for DoD contractors and subcontractors and increase supply chain visibility and resilience overall. FedRAMP has increased the security levels of Cloud Service Providers (CSPs) and Software as a Service (SaaS) companies in the technology supply chain. Within the DoD supply chain, CMMC encourages DIB organizations to raise their cyber maturity and resilience. The Code of Federal Regulations (CFR) Title 32 rule passed its 60-day Congressional review on December 16, 2024, officially launching the new Cybersecurity Maturity Model Certification (CMMC) Program. The last remaining step to operationalizing CMMC is the CFR Title 48 rule, which will allow the Government to implement CMMC requirements into contracts and is estimated to launch this year. Defense Industrial Base (DIB) organizations will begin to see CMMC requirements in their contracts with the DoD and related agencies and must be prepared to demonstrate their compliance with the new regulations.

In the latest version, DOD contracts will require one of three cyber maturity levels for all prime or subcontractor organizations under a given contract. During Phase One of the program rollout, DIB organizations will need to provide a self-assessment of their relevant maturity level for the contracts they desire. Then in Phase Two, estimated to begin in 2026, maturity level two contracts will require assessments conducted by a third-party Cyber AB approved C3PAO. The program will be completely rolled out over four phases.

Gaining CMMC Compliance

It will be vital for all organizations to have the relevant level of cyber maturity so that they can continue delivering work, goods and services to the DoD. Whether they are the prime contractor or a subcontractor, defense contractors should expect to see CMMC requirements in their contracts. Prime contractors will pass the maturity level requirements down to subcontractors as a condition of receiving sub-contract work.

Carahsoft CMMC Rule for DIB Organizations Blog Embedded Image 2025

Since the DoD first announced the CMMC Program, it has been building momentum and communicating the framework of the Program to DIB organizations. While there have been minor changes, the core of the framework has remained consistent over the past four years. DIB organizations that have not begun working on compliance should start immediately so they can deliver a self-assessment in early 2025 or a third-party audit in 2026 if they are a level two contractor. With the limited supply of C3PAOs and CMMC assessors, there will likely be a supply shortage resulting in back logs for scheduling a CMMC assessment. Furthermore, organizations looking to utilize external service providers (ESPs) need to engage with those companies early, as there is a limited supply of available compliant options. Ultimately, gaining CMMC compliance is a critical national security mission. With cyber security and data becoming more paramount to the strength of a nation, protecting the data that resides outside DoD firewalls on contractor networks is imperative.

Changes to the Contracting World

CMMC encourages DIB organizations to raise their cyber maturity and resilience. Many DIB customers have begun with self-assessments, engaged with consultants for gap assessments and migrated to Government cloud products. This trend has spread to the civilian side of the Federal Government, as well as to American allies, who have discussed or announced mandatory certification programs modeled on National Institute of Standards and Technology (NIST) standards. But for some small and medium sized businesses, cost is a barrier to gaining CMMC compliance, especially for level two or above. The defense industry has responded to that challenge by innovating and developing more offerings for advisory and consulting services, managed services and purpose-built technology that will help companies accelerate their CMMC journey. This expansion of choice allows for a more ideal fit for each individual company based on its unique environment, considering factors such as in-house talent, available resources and budget.

It is not just prime contractors that must have the appropriate CMMC certification, but subcontractors as well. They will need the same CMMC maturity level as their prime contractor before storing or processing any Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) as part of a contract delivery. To maintain competitiveness, subcontractors will need to achieve CMMC compliance of their own. Ultimately, the prime will be responsible for validating the CMMC maturity level of their subcontractors and will need to put in place a process to do so.

Ultimately, CMMC compliance is a vital contribution to the security of Federal data. Whether an organization is beginning to research CMMC, scoping out the boundaries of their CUI environment, or preparing to remediate the gaps to full compliance, it is a good time to start thinking about CMMC compliance.

How Carahsoft Can Help

Carahsoft is a proud part of the cybersecurity industry and the CMMC ecosystem. Gaining CMMC compliance can be a costly and time-consuming process; Carahsoft can guide your organization through all the available options and help make decisions that are best suited to meet your organization’s unique needs. As a value added reseller that represents over 200 cybersecurity technology vendors, and with over 1000 team members focused on our wide breadth of cyber offerings, Carahsoft can support DIB organizations in addressing every CMMC maturity level and capability domain. Carahsoft can foster connections with service providers, subject matter experts and advisory consultants that can help organizations prepare for or execute a CMMC assessment. By tracking policies and trends that align with customer needs, Carahsoft can pair your organization with the right technology to address your needs, as well as offer news, educational material, events and other resources to make an informed decision for CMMC compliance.

To learn more about gaining CMMC compliance, visit Carahsoft’s CMMC Compliant Products and Services portfolio.

Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

Posted on by Frank Briguglio

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.

Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image

Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

Enhanced security through continuous evaluation and dynamic risk mitigation.
Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.

To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

Posted on by Frank Briguglio

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

1. Expanding Zero Trust: “Flank Speed” is Ready to Scale

2. How Mission Objectives Drive Acquisition

3. Digital Transformation for Operational Effectiveness

4. Fast-Tracking Authority to Operate (ATO)

5. Using Interoperability to Pitch to DoD

Carahsoft CMMC Webinar Series

A Simple and Secure Path to VM Management

Securing Data with Rubrik’s Rapid Recovery Abilities

Automation: The Key to a Proactive Incident Response

1. Integrating Artificial Intelligence into Maritime Missions

2. Preparing Data for Mission Readiness

3. Maintenance for Operational Readiness

4. Enhancing Security Through Space Systems

5. Innovation With Enterprise Solutions

6. A Dive into Maritime Initiatives with Francis Rose

What is the National Defense Authorization Act?

Authority to Operate

FY2025 NATIONAL DEFENSE AUTHORIZATION ACT (NDAA) SEC. 1522.

1. Artificial Intelligence (AI) in the U.S. Navy

2. Red Teaming to Improve Cybersecurity

3. The Importance of Maritime Trade to Cybersecurity

4. DISA’s New Cloud-Based Mission Partner Environment

5. Business Initiatives

6. Renewing Technology

7. IT at the Center of the Workforce

8. Improving Productivity by Decreasing Troubleshooting

9. Compliance is No Longer Enough

10. DevSecOps Products that Improve Marine Corps Productivity

The New CMMC Rule

Gaining CMMC Compliance

Changes to the Contracting World

How Carahsoft Can Help

Defining Contextual and Dynamic Access Policies

The Role of Identity Governance Controls

Importance of Governing Identity Attributes

Risks Associated with ABAC and RBAC

Importance to a Zero Trust Model

2. Preparing Data for Mission Readiness 

3. Maintenance for Operational Readiness 

4. Enhancing Security Through Space Systems 

The New CMMC Rule