How Public Sector Agencies Can Operationalize CISA’s SIEM and SOAR Guidance

In May 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Australian Cyber Security Centre (ACSC), released new executive guidance to help Public Sector leaders effectively leverage Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. This guidance aims to strengthen agencies’ cybersecurity by enhancing threat detection, response times and operational efficiencies.

Key Challenges in SIEM and SOAR Implementation

SIEM platforms aggregate and analyze telemetry data from multiple sources, including endpoints, applications, network devices and cloud environments.

SOAR platforms complement SIEM by automating security workflows, significantly speeding up incident response and reducing alert fatigue. When effectively integrated, these tools enable agencies to centralize security monitoring, automate routine response tasks and improve compliance with cybersecurity mandates.

For all organizations, especially Public Sector organizations, SIEM and SOAR are not just technical tools; they are foundational to building a proactive and time-sensitive cybersecurity posture. These platforms can help agencies increase operational efficiency, reduce alert fatigue and drive compliance with Federal and State cybersecurity mandates.

CISA guidance highlights several common challenges that agencies often encounter when implementing SIEM and SOAR platforms. These include the difficulty of normalizing diverse log data across multiple systems, minimizing false positives that overwhelm analysts and managing the high costs associated with implementation. Agencies also struggle to ensure effective executive oversight of security operations and face ongoing challenges in attracting and retaining qualified cybersecurity talent.

Addressing Challenges with Torq Hyperautomation

Torq Hyperautomation™ directly addresses the implementation challenges faced by Public Sector cybersecurity teams by delivering strategic advantages that legacy SOAR platforms cannot. Unlike traditional solutions, Torq integrates seamlessly with existing SIEM tools to normalize and enrich log data, reduce alert noise and improve the clarity of actionable insights. It leverages AI-driven decision-making to automate dynamic incident response workflows, allowing security teams to respond faster and more precisely.

By combining AI-powered decision logic with adaptive response runbooks, Torq enables organizations to overcome the limitations of legacy SOAR, dramatically improving Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). This empowers analysts to focus on critical, high-impact threats rather than getting bogged down by repetitive, routine tasks.

Cost-Effective Automation for Resource-Constrained Agencies

Public Sector agencies struggle with resource constraints, and Torq also delivers cost-effective automation. Instead of requiring deep engineering expertise or lengthy integration cycles, Torq offers:

  • Intuitive, no-code and low-code automation capabilities
  • Seamless integrations with existing Federal, State and Local cybersecurity toolsets (endpoint, identity, cloud, firewall)
  • Rapid implementation timelines, ensuring immediate value and reduced costs

Enhanced Executive Visibility and Compliance

From an executive perspective, Torq addresses a crucial component of the CISA guidance: visibility and oversight. Executive dashboards within the platform provide real-time insights into SOC effectiveness, incident trends and automation impact. This visibility enables better budgeting decisions, more effective KPIs and compliance reporting aligned with key security and compliance frameworks.

Real-World Impact

Torq is already delivering substantial results within Public Sector environments. Torq has enabled SOC teams to automate ransomware response, consolidate multi-environment telemetry and auto-generate compliance artifacts. Whether an agency is modernizing its cybersecurity stack, preparing for audits or trying to do more with fewer analysts, Torq is built to support their journey.

Agencies leveraging Torq have achieved the following:

  • Up to 90% reduction in investigation time
  • 3-5x increase in alert handling capacity with no added headcount
  • 95% of Tier-1 security cases auto-remediated

Taking the Next Step

CISA’s SIEM and SOAR guidance represents a critical shift from reactive cybersecurity practices toward proactive, integrated and automated security operations. As a trusted partner of Carahsoft, Torq is uniquely positioned to help Public Sector agencies rapidly operationalize this guidance. Torq’s scalable, secure and measurable automation platform ensures agencies not only comply with evolving standards but also stay ahead of modern threats.

To learn how Torq can empower your agency’s cybersecurity strategy, request a demo or explore a tailored pilot use case today.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Torq, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry-leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Federation Needs a Backbone

Identity Security has become the engine behind seamless access. It connects users from different domains, agencies or organizations and lets them move between systems with a single set of credentials. That’s powerful—but it’s also risky when left ungoverned.

Let’s get one thing straight: federation is about access. It answers the question, “Can this person log in?” But it stops short of answering what really matters: “Should they still have access?” “To what?” “For how long?” That’s where governance steps in—and why it must be the foundation under every federated architecture.

The Upside of Federation

Federation simplifies identity. It creates a trust bridge between Identity Providers (IdPs) and Service Providers (SPs). Users authenticate once—via their home IdP like Azure AD or Okta—and access multiple applications without managing new credentials for each.

Benefits include:

  • Single Sign-On (SSO) across domains
  • Centralized control of user authentication
  • Protocol interoperability via standards like SAML, OIDC and WS-Fed

And federation hubs, which broker trust between many IdPs and SPs, make it scalable. Instead of dozens of custom integrations, each system plugs into the hub. Clean, efficient and fast. But fast access can become fast failure if you don’t govern it!

Access Governance: The Difference Between Access and Control

Federation gets someone in the door. Governance makes sure they belong there—and ensures they leave when they’re supposed to.

Identity Governance manages the full identity lifecycle: onboarding, role changes, access reviews and deprovisioning. It enforces least privilege, flags risky combinations of access (SoD conflicts) and supports audits and compliance frameworks like NIST, SOX or RMF.

Federation can tell you who authenticated. Governance can tell you:

  • Whether that person should have access
  • What access they have across systems
  • Whether that access aligns with policy
  • How that access changes over time

Together, federation and governance form a complete identity security model. Separately, one is fast—and one is safe.

What Happens Without Governance?

An ungoverned federation hub is a highway with no speed limits, no offramps and no cameras. You’re enabling access at scale without oversight.

Here are the risks:

  • Overprovisioned access – Federation alone doesn’t enforce least privilege.
  • Access creep – Users retain access after job changes or departures.
  • Orphaned accounts – No lifecycle hooks to clean up stale identities.
  • Lack of visibility – No way to see what users can do after logging in.
  • No audit trail – Makes compliance reporting a nightmare.
  • Increased insider threat – Privileged access can persist unchecked.
  • Policy misalignment – SAML or OIDC assertions may carry outdated or unverified attributes.

These risks aren’t theoretical. In Federal and defense sectors, unmanaged federation could mean exposing sensitive systems to users who are no longer cleared, or who’ve quietly shifted roles without access being reviewed.
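The governance checks listed above, as an added example that is not SailPoint's or any vendor's code: it reconciles authoritative identity records against accounts in downstream applications reached through federation and flags orphaned accounts, access creep, stale access and SoD conflicts. The role policy, entitlement names, 90-day threshold and sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Identity:
    """Authoritative record, e.g. from HR or the home IdP directory."""
    user: str
    role: str
    active: bool


@dataclass(frozen=True)
class Account:
    """Account in a downstream application reached through federation."""
    user: str
    app: str
    entitlements: frozenset
    last_login: date


# Hypothetical policy: entitlements each role is allowed to hold.
ROLE_POLICY = {
    "analyst": frozenset({"tickets:read", "tickets:write"}),
    "finance": frozenset({"invoices:create", "invoices:read"}),
    "approver": frozenset({"invoices:approve", "invoices:read"}),
}
# Hypothetical separation-of-duties rule: nobody may hold both.
SOD_CONFLICTS = [frozenset({"invoices:create", "invoices:approve"})]
STALE_AFTER_DAYS = 90  # assumed review threshold


def review_access(identities, accounts, today):
    """Return findings as (kind, user, app, detail) tuples."""
    by_user = {i.user: i for i in identities}
    findings = []
    held = {}  # user -> every entitlement held across all apps
    for acct in accounts:
        ident = by_user.get(acct.user)
        # No authoritative identity, or the person has left: nothing
        # in federation alone would ever clean this account up.
        if ident is None or not ident.active:
            findings.append(("orphaned_account", acct.user, acct.app, ()))
            continue
        # Entitlements beyond what the current role justifies.
        allowed = ROLE_POLICY.get(ident.role, frozenset())
        extra = tuple(sorted(acct.entitlements - allowed))
        if extra:
            findings.append(("access_creep", acct.user, acct.app, extra))
        if (today - acct.last_login).days > STALE_AFTER_DAYS:
            findings.append(("stale_access", acct.user, acct.app, ()))
        held.setdefault(acct.user, set()).update(acct.entitlements)
    # SoD is evaluated across applications, not per account.
    for user, ents in held.items():
        for conflict in SOD_CONFLICTS:
            if conflict <= ents:
                findings.append(
                    ("sod_conflict", user, "*", tuple(sorted(conflict))))
    return findings


# Constructed sample data.
TODAY = date(2025, 6, 30)
IDENTITIES = [
    Identity("alice", "analyst", True),
    Identity("bob", "finance", True),
    Identity("carol", "approver", False),  # departed
]
ACCOUNTS = [
    Account("alice", "ticketing",
            frozenset({"tickets:read", "tickets:write"}), date(2025, 6, 1)),
    Account("bob", "erp",
            frozenset({"invoices:create", "invoices:read",
                       "invoices:approve"}), date(2025, 6, 20)),
    Account("carol", "erp",
            frozenset({"invoices:approve", "invoices:read"}),
            date(2025, 5, 1)),
    Account("dave", "ticketing",  # no identity record at all
            frozenset({"tickets:read"}), date(2025, 1, 10)),
    Account("alice", "erp",  # left over from an earlier role
            frozenset({"invoices:read"}), date(2025, 1, 2)),
]

if __name__ == "__main__":
    for finding in review_access(IDENTITIES, ACCOUNTS, TODAY):
        print(finding)
```

Every one of these accounts would still pass a federated login; the findings come only from comparing what is held against who the person currently is.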

Governance in Action: SailPoint’s Role

SailPoint is not a federation provider. It’s a governance platform that sits on top of your federation layer, giving you full control over identity lifecycles, policies and risk.

SailPoint integrates with both upstream IdPs and downstream apps accessed via the federation hub. It handles:

  • Identity aggregation and normalization
  • Automated provisioning/deprovisioning
  • Policy enforcement (least privilege, SoD, etc.)
  • Access reviews and certifications
  • Risk scoring and contextual enforcement
  • Audit trails and compliance reporting

This governance layer makes sure your federated access is secure, justified and auditable. It aligns your identity strategy with Zero Trust principles—not just who gets in, but why, how and for how long.

Why Governance Must Come First

It’s tempting to view governance as a bolt-on. Something to “get to later” once federation is up and running. That’s dangerous thinking.

Governance is not optional. It’s the foundation.

Without it, every benefit of federation can turn into a vulnerability. That seamless access? Now it’s frictionless exposure. That fast onboarding? Now it’s risky overreach. And every shortcut you take early on becomes technical debt—if not a breach—down the road.

Real-World Example: Federation in Federal Environments

Take the U.S. Department of Defense. Their Enterprise Federation Hub allows identity brokering across agencies, contractors and civilian orgs. It’s fast and powerful—but governance is what makes it secure.

SailPoint is used alongside this hub to:

  • Enforce ABAC using enriched attributes
  • Automate provisioning to systems like ServiceNow and SAP
  • Conduct quarterly access certifications
  • Supply audit logs for compliance frameworks like FIAR and RMF

Without this layer, the Federation Hub would be a sprawling access point with no brakes, no logs and no cleanup.

Bottom Line

Federation gives you the scale. Governance gives you the safety.

One gets people in. The other makes sure they belong.

If you’re building a federated identity ecosystem—whether in the enterprise or in a multi-agency Government context—start with governance. Don’t wait for audit findings or security incidents to add it later. By then, it’s already too late.

Federation needs a backbone. Governance is it.


Powering the OneGov Mission with a New GSA Offer for Slack

The U.S. General Services Administration (GSA) has set a bold new direction for Federal procurement with its OneGov Strategy—a transformative mission to modernize how the Government buys and uses technology. The goal is clear: act as one unified enterprise to reduce costs, improve security, enhance productivity and eliminate the fragmented, agency-by-agency purchasing of the past.


Achieving this vision requires powerful, secure and commercially available tools that can be acquired and deployed with minimal friction. Salesforce is supporting the OneGov mission by making Slack’s FedRAMP-authorized collaboration platform more accessible and affordable for every Federal agency.

Unifying Agencies to Operate as a Shared Enterprise


A core tenet of the OneGov strategy is breaking down silos to help the Government function as a single, coordinated enterprise. Slack is purpose-built for this reality. By moving communication from isolated inboxes into organized, searchable channels, Slack creates a transparent environment for collaboration. More importantly, Slack Connect extends this capability across agency lines, allowing for secure, real-time collaboration with other Government entities and external partners. This directly addresses the OneGov goal of unifying the Federal workforce, ensuring that inter-agency teams can operate with the same speed and alignment as internal ones, all within a controlled and auditable platform.

Enhancing Productivity and Accelerating AI Adoption


The OneGov initiative calls for agencies to leverage modern technology to enhance efficiency. Slack delivers on this with powerful, user-friendly features, such as:

  • Workflow Builder, which empowers teams to automate routine processes like approvals and status updates without writing a single line of code, freeing up personnel for mission-critical work.
  • Slack AI, which provides a secure pathway to accelerate artificial intelligence (AI) adoption. Agencies can instantly leverage AI to summarize complex discussions, get immediate answers from internal knowledge bases and draft communications more efficiently.

These tools provide the tangible productivity gains and advanced capabilities needed to build a smarter, more effective Government.

Reducing Costs Through Centralized, Streamlined Procurement


The Salesforce and GSA agreement for Slack is a prime example of the OneGov strategy in action. By establishing a single, Government-wide agreement with transparent, pre-negotiated pricing, we are helping the GSA eliminate duplicative contracts and leverage the full buying power of the Federal Government.


Through November 30, 2025, your agency can access this strategic offer via the GSA Schedule (Contract: 47QSWA18D008F). With no minimum quantities and pricing structured to be Government Purchase Card (GPC) friendly, this offer dramatically reduces procurement friction and empowers teams to quickly acquire the tools they need to support their mission.

This GSA promotion is more than a discount; it is an opportunity to align your agency’s collaboration strategy with the forward-thinking vision of OneGov. It’s a chance to equip your teams with a best-in-class platform that is secure, efficient and cost-effective.


Carahsoft and our partners are committed to helping you navigate this streamlined procurement process. We are ready to provide a quote, schedule a personalized demo and help you realize the full potential of Slack in achieving your agency’s modernization goals.


Ready to join the OneGov movement and transform how your agency collaborates?
Contact our Salesforce team at Carahsoft today or call us at (877) SFDC-007 to learn more and take advantage of this limited-time offer.


Comprehensive Identity Security: 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification

As cybersecurity demands increase across all levels of Government, 1Kosmos’s credential service provider (CSP) platform represents a shift in how agencies approach identity verification and authentication. Rather than forcing agencies into rigid, one-size-fits-all solutions, the platform offers unprecedented flexibility through its modular architecture. Organizations can deploy everything from simple document capture for in-person verification to comprehensive digital identity wallets that put end-users in complete control of their personal information.

This adaptability proves crucial for Government agencies with diverse operational requirements. Some organizations need only Identity Assurance Level 2 (IAL2) workflow integration with existing identity providers like Okta or Microsoft, while others require the full spectrum of identity verification, digital wallet creation and Authenticator Assurance Level 2 (AAL2) authentication capabilities. The platform’s ability to scale from basic document verification to complete identity lifecycle management ensures agencies can start with their immediate needs and expand functionality as requirements evolve.

The Power of Dual Certification

As the only CSP to achieve both FedRAMP High authorization and Kantara certification, 1Kosmos has established itself as the definitive solution for Government agencies seeking uncompromising identity security. This dual certification creates a security foundation unmatched in the identity verification space and works in concert to address both the “what” and “how” of secure digital identity management. Kantara certification, based on National Institute of Standards and Technology (NIST) 800-63-3 digital identity guidelines, validates that the platform operates according to the gold standard for identity verification processes and procedures.

FedRAMP High authorization takes security to the next level, implementing over 400 security controls based on NIST 800-53 standards. This represents the most stringent civilian agency security requirements available, with only 20 additional controls separating High from IL4 defense-level certification. The comprehensive nature of these controls means agencies receive verified, not just claimed, security hardening that has undergone rigorous third-party assessment.

This dual certification approach provides Government buyers with unprecedented assurance. While other solutions may meet basic compliance requirements, 1Kosmos offers the most verified hardening available in the market. For agencies navigating complex procurement requirements across Federal, State and Local levels, this certification combination simplifies vendor evaluation and reduces compliance risk. The FedRAMP High baseline ensures smooth flow-down compliance for State and Local implementations, eliminating the complexity of multiple security assessments.

Security and Privacy by Design

True security extends far beyond meeting regulatory checkboxes, and 1Kosmos has embedded privacy and security principles into every aspect of the platform’s architecture. The decision to pursue FedRAMP High from the outset reflects a commitment to protecting what 1Kosmos considers the highest-value data in existence: end-user personally identifiable information (PII).


Every piece of data within the 1Kosmos environment undergoes Federal Information Processing Standards (FIPS) 140-3 encryption both in transit and at rest. This is not merely a compliance requirement—it is a recognition that Government agencies entrust identity platforms with irreplaceable citizen information. The platform employs a unique double-encryption approach for digital wallets, where identity evidence receives initial encryption before being secured again within the user’s wallet, with encryption keys remaining under end-user control exclusively.

The platform operates on a privacy-first data retention philosophy. By default, the system processes identity data, stores only what is necessary for wallet creation and immediately deletes excess information. This approach ensures that data remains in the system only as long as operationally required, with automatic deletion on specified retention dates. The platform’s architecture makes it impossible for 1Kosmos or their customers to access end-user wallet data without explicit user consent, creating true user sovereignty over personal information.

What is More Valuable Than Identity?

The question of data value reveals why identity security demands such rigorous protection. In commercial contexts, student records command higher dark web prices than credit card or healthcare information due to the extended window before detection—students typically do not monitor credit for years after graduation. This extended vulnerability period makes educational identity data particularly attractive to cybercriminals and highlights why robust identity verification is essential across all Government sectors.

Government agencies face even higher stakes. Beyond financial fraud, identity compromise can affect national security, citizen services and public trust. The 1Kosmos platform addresses these concerns through continuous security monitoring and automated threat detection capabilities that immediately alert administrators to potential security issues. This proactive approach, combined with comprehensive logging and audit capabilities, ensures agencies maintain complete visibility into their identity security posture.

The platform’s global deployment success stories demonstrate scalability and reliability under real-world conditions. One global business process outsourcing company successfully transitioned half their worldwide user base to 1Kosmos authentication within just two months, showcasing the platform’s ability to handle massive-scale implementations without compromising security or performance.

Building the Future of Government Identity Security

As Government agencies accelerate digital transformation initiatives, the need for trustworthy, scalable identity solutions becomes increasingly critical. The 1Kosmos platform provides the security foundation necessary for agencies to confidently expand digital services while maintaining the highest protection standards for citizen data. With plans to extend certification to IL4 levels for defense customers, 1Kosmos continues pushing the boundaries of what is possible in Government identity security.

Learn more about how 1Kosmos can transform your agency’s identity security posture by exploring their comprehensive platform capabilities and certification achievements.


7 Reasons Why Trustwave’s FedRAMP Status is Key for U.S. Vendors

While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity.

Federal agencies handle sensitive data and demand the highest levels of security assurance.

This is where the Federal Risk and Authorization Management Program (FedRAMP) comes in, acting as the crucial gatekeeper for cloud services used by the Government.

For vendors looking to succeed in the Federal marketplace, partnering with or building upon services from a FedRAMP-authorized provider isn’t just helpful—it’s often essential.

Trustwave has achieved FedRAMP Authorization for its Government Fusion platform (delivering Managed Detection and Response (MDR) and Co-Managed SIEM/SOC services) which makes Trustwave an ideal partner for any U.S. Government vendor, and here’s why:

1. Instant Credibility: The FedRAMP Stamp of Approval

FedRAMP is the standardized, rigorous security framework mandatory for Federal agency cloud deployments. Achieving FedRAMP Authorization is a lengthy, complex and resource-intensive process, demonstrating an exceptional commitment to security.

  • Leveraging Trustwave’s FedRAMP-authorized platform instantly elevates your offering’s credibility. It signals to agencies that the underlying security meets the Government’s stringent standards and is vetted through an exhaustive process. Trustwave is notably the first pure-play MDR provider to achieve this status, adding further weight to its credentials.

2. Enhanced Trust and Credibility

Achieving FedRAMP authorization is no small feat. It involves a rigorous evaluation process that includes detailed security assessments and continuous monitoring. Trustwave’s compliance with these standards enhances its credibility and trustworthiness, making it a reliable partner for Government vendors who must adhere to strict security protocols.


3. Meeting Rigorous Federal Security Mandates

FedRAMP isn’t just a checkbox; it ensures robust, ongoing security. Authorization requires continuous monitoring, regular assessments and adherence to strict controls based on NIST standards.

  • Partnering with Trustwave assures agencies that your solution’s security components adhere to these high standards. Furthermore, Trustwave’s authorization, operating within AWS GovCloud and meeting “U.S. eyes only” requirements, directly supports vendors needing to comply with other critical mandates like the Cybersecurity Maturity Model Certification (CMMC) required for the Defense Industrial Base (DIB).

4. Access to a Wider Government Market

Simply put, FedRAMP authorization is often a non-negotiable requirement for Federal cloud contracts. Without it, market access is severely limited.

  • By partnering with Trustwave, you align your solution with a provider that has already unlocked the door to Federal agencies requiring FedRAMP compliance. This accomplishment expands your potential customer base significantly. Trustwave also holds GovRAMP authorization, potentially easing access to State and Local Government markets as well.

5. Leveraging Proven Cybersecurity Expertise

Trustwave’s FedRAMP authorization covers its Government Fusion platform, delivering critical Managed Detection and Response and Co-Managed SOC services operated by cleared U.S. personnel.

  • This means you’re not just getting compliance; you’re gaining the backing of a recognized leader in threat detection, response and managed security. Access to Trustwave’s expertise, including insights from their elite SpiderLabs team, strengthens your overall security posture and value proposition.

6. Continuous Monitoring and Improvement

FedRAMP requires continuous monitoring of security controls and regular updates to address emerging threats. Trustwave’s commitment to ongoing security improvements ensures that Government vendors benefit from the latest advancements in cybersecurity. This proactive approach helps mitigate risks and enhances the overall security posture of Government operations.

7. Support for Cloud Adoption

As Government agencies increasingly adopt cloud technologies, having a FedRAMP-authorized partner like Trustwave is invaluable. Trustwave’s expertise in cloud security helps Government vendors transition to the cloud securely, ensuring compliance with Federal regulations while leveraging the benefits of cloud computing.

In the competitive and security-conscious Federal marketplace, alignment with FedRAMP is critical. Trustwave’s FedRAMP Authorization achievement provides U.S. Government vendors with a powerful advantage.

Partnering with Trustwave offers enhanced credibility, accelerates procurement cycles, ensures compliance with stringent security mandates like FedRAMP and CMMC, broadens market access and leverages world-class cybersecurity services.

For vendors serious about succeeding in the U.S. Public Sector, Trustwave’s FedRAMP status makes them a perfect fit.

To learn more about why partnering with a FedRAMP authorized vendor like Trustwave Government Solutions can help your organization succeed in the Federal marketplace, please visit TGS.


Preparing Federal Systems for Post-Quantum Security: A Strategic Approach

Federal agencies face an urgent timeline to protect their most sensitive data from quantum computing threats. Quantum computers leverage physics principles like superposition and entanglement to perform calculations faster than classical computers, posing a significant threat to current encryption standards. Adversaries employ “harvest now, decrypt later” tactics, collecting encrypted data to store until there is a quantum computer powerful enough to break the encryption. The National Institute of Standards and Technology (NIST) released standardized Post-Quantum Cryptography (PQC) algorithms designed to withstand quantum attacks, ensuring long-term data security. The U.S. Federal Government has also issued guidance urging Federal agencies to update their IT infrastructure and deploy crypto-agile solutions that utilize today’s classical encryption algorithms and provide the ability to upgrade to PQC algorithms to combat this threat.

With the Cloud Security Alliance projecting cryptographically relevant quantum computers by 2030, agencies must implement these quantum-resistant algorithms before current security measures become obsolete.

The Quantum Threat Landscape

Current public key infrastructure (PKI), which underpins the internet, code signing and authentication, faces an existential threat from quantum computing. This vulnerability extends beyond theoretical concerns to three specific risk areas affecting Federal systems:

  1. Harvest Now, Decrypt Later: Attackers intercept communications and data today, storing them until quantum computers can break the encryption—potentially exposing Government secrets and sensitive information.
  2. Forged Signatures: Quantum capabilities could enable impersonation of trusted entities, allowing attackers to load malicious software to long-life devices or create fraudulent financial transactions that impact both commercial and Federal Government systems.
  3. Man-in-the-Middle Attacks: Advanced quantum computing could facilitate access to secure systems, potentially compromising military command and control (C2) environments, disrupting critical infrastructure and interfering with elections.

The most vulnerable assets are those containing long-lived data, including decades of trade secrets, classified information and lifetime healthcare and personally identifiable information. Short-lived data that exists for hours or months faces considerably less risk from quantum-enabled decryption.

Post-Quantum Cryptography Standards and Timeline

The standardization of quantum-resistant algorithms represents the culmination of an eight-year process spearheaded by NIST. In August 2024, NIST published its final standards for three critical algorithms:

  • ML-KEM (formerly Crystals-Kyber) | FIPS 203 | Key Encapsulation
  • ML-DSA (formerly Crystals-Dilithium) | FIPS 204 | Digital Signature
  • SLH-DSA (formerly HSS/LMS) | FIPS 205 | Stateless Hash-Based Signature

A fourth algorithm, FN-DSA (formerly Falcon), is still pending finalization. Simultaneously, NIST has released Internal Report (IR) 8547, providing comprehensive guidelines for transitioning from quantum-vulnerable cryptographic algorithms to PQC.

The National Security Agency’s (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), released in September 2022 with an FAQ update in April 2024, outlines specific PQC requirements for National Security Systems. These standards have become reference points for Federal agencies beyond classified environments, establishing a staggered implementation timeline:

  • 2025-2030: Software/firmware signing
  • 2025-2033: Browsers, servers and cloud services
  • 2026-2030: Traditional networking equipment
  • 2027: Begin implementation of operating systems

Crypto Agility and Transition Strategy

It is essential for Federal agencies to deploy crypto-agile solutions that provide the ability to quickly modify underlying cryptographic primitives with flexible, upgradable technology. This capability allows organizations to support both current algorithms and future quantum-resistant ones without hardware replacement.

A comprehensive transition strategy includes seven critical steps:

  1. Awareness: Understand the challenges, risks and necessary actions to prepare for quantum threats.
  2. Inventory and Prioritize: Catalog cryptographic technologies and identify high-risk systems—a process the Cybersecurity and Infrastructure Security Agency (CISA) mandated via spreadsheet submission last year.
  3. Automate Discovery: Implement tools that continuously identify and inventory cryptographic assets, recognizing that manual inventories quickly become outdated.
  4. Set Up a PQC Test Environment: Establish testing platforms to evaluate how quantum-resistant algorithms affect performance, as these algorithms generate larger keys that may impact systems differently.
  5. Practice Crypto Agility: Ensure systems can support both classical algorithms and quantum-resistant alternatives, which may require modernizing end-of-life hardware security modules.
  6. Quantum Key Generation: Leverage quantum random number generation to create quantum-capable keys.
  7. Implement Quantum-Resistant Algorithms: Deploy PQC solutions across systems, beginning with high-risk assets while preparing for a multi-year process.

Practical Implementation of PQC


Federal agencies should look beyond algorithms to consider the full scope of implementation requirements. The quantum threat extends to communication protocols including Transport Layer Security (TLS), Internet Protocol Security (IPSec) and Secure Shell (SSH). It also affects certificates like X.509 for identities and code signing, as well as key management protocols.

Hardware security modules (HSMs) and high-speed network encryptors serve as critical components in quantum-resistant infrastructure. These devices must support hybrid approaches that combine classical encryption with PQC to maintain backward compatibility while adding quantum protection.

The National Cybersecurity Center of Excellence (NCCoE) is coordinating a major post-quantum crypto migration project involving more than 40 collaborators, including industry, academia, financial sectors and Government partners. This initiative has already produced testing artifacts and integration frameworks available through NIST Special Publication (SP) 1800-38.

Crypto Discovery and Inventory Management

Automated discovery tools represent a crucial capability for maintaining an accurate and current inventory of cryptographic assets. Unlike the one-time manual inventories many agencies completed in 2022-2023, these tools enable continuous monitoring of cryptographic implementations across the enterprise.

Several vendors offer specialized solutions for cryptographic discovery, including InfoSec Global, Sandbox AQ and IBM. These tools can:

  • Discover and classify cryptographic material across environments
  • Identify which assets are managed or unmanaged
  • Determine vulnerability to quantum attacks
  • Support centralized crypto management and policies

The Cloud Security Alliance has coined the term “Y2Q” (Years to Quantum) as an analogy to the “Y2K bug,” highlighting the need for systematic preparation. However, the quantum threat represents a potentially more significant risk than Y2K, with a projected timeline that expects a cryptographically relevant quantum computer capable of breaking current cryptography to arrive by April 14, 2030.
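The classify-and-prioritize step that such discovery tools perform can be shown on a small inventory. The following Python is an added example, not code from Thales, Carahsoft or any discovery vendor; the record fields, the sample assets, the 2025 assessment year and the algorithm-family table are assumptions constructed for illustration, while the 2030 horizon is the projection quoted on this page.

```python
from dataclasses import dataclass

CRQC_YEAR = 2030        # projection quoted on this page
ASSESSMENT_YEAR = 2025  # assumption: year the inventory is assessed

# Assumed family table: classical public-key schemes that Shor's algorithm
# breaks, and the FIPS 203/204/205 algorithms named on this page.
VULNERABLE = ("RSA", "ECDSA", "ECDH", "DSA", "DH")
RESISTANT = ("ML-KEM", "ML-DSA", "SLH-DSA")


@dataclass
class Asset:
    name: str
    algorithm: str       # label as a discovery tool might report it
    use: str             # "key-establishment" or "signature"
    lifetime_years: int  # how long the data or signature must stay trustworthy
    managed: bool        # False = found by discovery, not under key management


@dataclass
class Finding:
    asset: str
    family: str
    risk: str
    exposure_years: int  # years the asset must outlive the projected CRQC date


def family_of(algorithm):
    """Map a label such as 'ecdsa_p256' or 'ML-KEM-768' to its family, or None."""
    label = algorithm.upper().replace("_", "-")
    for family in VULNERABLE + RESISTANT:
        # Match the whole leading token, so 'ML-DSA-65' is never read as 'DSA'.
        if label == family or label.startswith(family + "-"):
            return family
    return None


def assess(asset, crqc_year=CRQC_YEAR, now=ASSESSMENT_YEAR):
    family = family_of(asset.algorithm)
    if family is None:
        # Not in the table: needs a human decision rather than a guess.
        return Finding(asset.name, "unknown", "review", 0)
    if family in RESISTANT:
        return Finding(asset.name, family, "quantum-resistant", 0)
    exposure = max(0, now + asset.lifetime_years - crqc_year)
    if exposure == 0:
        risk = "migrate-before-crqc"        # short-lived, still must be replaced
    elif asset.use == "key-establishment":
        risk = "harvest-now-decrypt-later"  # traffic recorded today stays sensitive
    else:
        risk = "forged-signature"           # signature must be trusted past CRQC
    return Finding(asset.name, family, risk, exposure)


def prioritize(assets):
    """Return actionable findings: longest exposure first, unmanaged before managed."""
    pairs = [(assess(a), a) for a in assets]
    pairs = [(f, a) for f, a in pairs if f.risk != "quantum-resistant"]
    pairs.sort(key=lambda fa: (-fa[0].exposure_years, fa[1].managed, fa[0].asset))
    return [f for f, _ in pairs]


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    Asset("session-token-service", "ECDSA-P256", "signature", 1, True),
    Asset("firmware-signing-root", "RSA-4096", "signature", 15, True),
    Asset("pilot-kem-endpoint", "ML-KEM-768", "key-establishment", 25, True),
    Asset("hr-records-archive-tls", "ecdh_p256", "key-establishment", 50, True),
    Asset("legacy-vpn-gateway", "DH-2048", "key-establishment", 15, False),
    Asset("backup-appliance", "VENDOR-CIPHER", "key-establishment", 10, False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_INVENTORY):
        print(f"{f.asset:26} {f.family:8} {f.risk:28} +{f.exposure_years}y")
```

Changing `CRQC_YEAR` or an asset's `lifetime_years` shows how sensitive the ranking is to the assumed horizon, which is why the inventory needs to be re-evaluated continuously rather than once.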

Moving Forward with Quantum-Resistant Security

The transition to post-quantum cryptography is not optional for Federal agencies—it is an imperative. While the process requires significant investment in time and resources, the alternative—leaving sensitive Government data vulnerable to decryption—poses an unacceptable risk to national security.

Agencies should begin by evaluating their existing cryptographic inventory, prioritizing systems with long-lived sensitive data and developing implementation roadmaps aligned with NIST and NSA timelines. By taking incremental steps today toward quantum-resistant infrastructure, Federal organizations can ensure their critical information remains secure in the quantum computing era.

To learn more about implementing quantum-resistant security in Federal environments, watch Thales Trusted Cyber Technologies’ (TCT) webinar, “CTO Sessions: Best Practices for Implementing Quantum-Resistant Security.”


Snyk for Government Achieves FedRAMP Moderate Authorization: A Milestone for Secure Government Software

Today marks a significant milestone for Snyk and, more importantly, for the security posture of the U.S. Government. I’m thrilled to introduce Snyk for Government, our FedRAMP Moderate authorized solution for the Public Sector.  

This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP). It means that U.S. Government agencies can now confidently leverage Snyk’s comprehensive platform to identify and remediate vulnerabilities throughout their software development lifecycle, knowing it meets the stringent security and compliance requirements mandated by the Federal Government.

This achievement is not just a certification; it’s a testament to our dedication to building trust and ensuring the integrity of the software that powers critical Government functions. It allows agencies to embrace modern development practices, including the use of open source software and cloud-native technologies, with the assurance that security is baked in from the start.

The Power of Proactive Security

At Snyk, we believe that security shouldn’t be an afterthought. It needs to be an integral part of the development process. Our platform empowers developers to find and fix vulnerabilities in their code, dependencies, containers and infrastructure as code – early and often. This proactive approach not only reduces risk but also accelerates development cycles by preventing security issues from becoming costly roadblocks later on.

Snyk for Government offers the same powerful capabilities that our enterprise customers rely on, tailored to the specific needs and compliance requirements of Government agencies based on NIST 800-53v5 security controls. This includes:

  • Comprehensive Vulnerability Detection: Identifying security flaws in open source libraries, proprietary code, containers and infrastructure configurations.
  • Actionable Remediation Advice: Providing clear guidance and automated fixes to address vulnerabilities quickly and efficiently.
  • Policy Enforcement: Enabling organizations to define and enforce security policies across their development teams.
  • Integration with Developer Tools: Seamlessly integrating with popular IDEs, build tools and CI/CD pipelines.
  • Detailed Reporting and Compliance Features: Providing the visibility and documentation needed to meet FedRAMP requirements.

Investing in the Future of Security: The Snyk AI Advantage

At Snyk we recognize the transformative potential of AI in cybersecurity. By leveraging machine learning and advanced algorithms, we are building intelligent capabilities into our platform that will provide even more accurate vulnerability detection, smarter remediation recommendations and enhanced threat intelligence.

AI is accelerating development faster than ever. With Snyk, you can ensure the code flooding your systems is secure and, beyond development, verify AI-powered apps aren’t creating unmanaged security risks. Ensure your organization stays secure with our AI-enabled agentic solution:

  • Keep Pace with Development: Learn how to scale security to match AI-generated code’s unprecedented speed and volume.
  • Staying Ahead of New Threat Vectors: Tackle emerging AI threats as apps increasingly leverage LLMs.
  • Adapting Developer Workflows: Explore the evolving role of developers and the skills needed for a new era of AI-assisted coding and building AI-powered apps.
  • Build Upon AppSec Governance: Leverage AppSec governance towards secure AI adoption and risk management.

For U.S. Government agencies, these AI-driven advancements will translate into a more resilient and secure digital infrastructure. For the enterprises that service the Government, integrating Snyk’s AI-powered platform into their development processes will not only help them meet stringent security requirements but also provide a competitive edge by building more secure and reliable solutions.

The FedRAMP Moderate authorization for Snyk for Government is a significant step forward in our mission to empower organizations to build securely. Combined with our ongoing investment in cutting-edge technologies like AI, we are confident that Snyk will continue to be a trusted partner for the U.S. Government and its partners in navigating the evolving landscape of software security.

We are excited about this milestone and look forward to helping Government agencies and their partners build a more secure digital future, together.


The Top Human Capital Events for Government in 2025 

The recent emphasis on reforming the Federal workforce has highlighted the pivotal role of effective human capital management (HCM) in driving mission readiness and Government efficiency. From improving recruitment processes, including accelerated hiring timelines and increased transparency, to implementing strategic workforce development initiatives leveraging skills-based assessments, a modern HCM approach is being used to rapidly transform agencies with the expectation that they will continue to deliver exceptional public service. 

Carahsoft and our partners equip Government professionals with the technologies and strategies that will shape the next generation of public service excellence in this evolving landscape.  

Modern AI-powered recruitment platforms, predictive analytics and cutting-edge workforce development tools enable agencies to streamline talent acquisition, enhance employee engagement and strengthen team resilience in an era of increasing demands and limited resources.

For over two decades, Carahsoft’s commitment has been to help Government agencies harness the power of information technology to fulfill their missions, and that focus has never been more relevant than it is today. 

Here are the top human capital events of 2025 and 2026.  

Government Customer Experience and Engagement Summit 

June 3 | Washington, DC | In-Person Event 

At the center of technology, culture and strategy is customer experience (CX). At the Government Customer Experience and Engagement Summit, attendees can learn about new and emerging technology from experts in the Federal Government. Sessions will focus on digital transformation and how agencies can utilize technology to build trust through a customer-first culture. By learning how to streamline operations, agencies can focus on building trust, enhancing services and creating a culture that inspires lasting impacts for customers.  

Sessions to look out for: 

  • Balancing CX with Cybersecurity 
  • Data Analytics: Turning Insights into Impact 
  • The Employee Experience: A Foundation for CX 
  • Harnessing Your Inner Leader: Empowering a CX Culture 

Carahsoft is looking forward to sponsoring the event this year with leaders in the industry.  Join us, Government leaders and our CX technology and solutions experts to address and discuss the future. Featured sessions will highlight empowering a CX culture, leveraging automation and analytics to enhance CX and overcome organizational silos. 

Los Angeles County AI Professional Development Summit   

June 25 | City of Industry, CA | In-Person Event 

This single-day summit unites IT leaders and LA County businesses to explore the immediate and long-term opportunities for artificial intelligence (AI). Attendees can expect sessions that dive deep into AI in the Public Sector, discussing the latest trends and use-cases, its opportunities and challenges and AI’s potential for bold leadership and novel possibilities. Whether new to the industry or a veteran, there is something for all attendees to learn from and opportunities to share in.  

Sessions to look out for: 

  • The AI Leadership Imperative: Navigating Change 
  • AI Demystified: For All of Us 
  • Unified Intelligence: Collaborative Data Strategies for AI Across LA County 

As an anchor sponsor, Carahsoft will be attending the summit alongside several of our partners including Adobe, Salesforce, Accenture, Glean, Knowledgelake and more. Sessions will feature many of our vendors alongside city Government leaders in California to showcase artificial intelligence.

INSA The New IC Fair 

June 25 | Arlington, VA | In-Person Event 

Before INSA’s New IC event, join an exclusive in-person career networking opportunity focused on the Intelligence Community and national security professionals. The Career Conversations event brings together cleared talent and leading organizations for meaningful dialogue that goes beyond traditional job descriptions. With the majority of cleared candidates being passive job seekers, this unique format emphasizes relationship-building and strategic conversations that lead to successful placements and partnerships. 

Event highlights: 

  • Career Conversations: 12-2 pm networking format 
  • Exclusive access to passive cleared talent 
  • Strategic teaming and partnering opportunities 
  • Focus on Intelligence Community and national security roles 

Carahsoft partners with ClearanceJobs and the Intelligence and National Security Alliance (INSA) to support this premier career networking event. We are committed to connecting cleared professionals with mission-critical opportunities while supporting the unique talent acquisition needs of the Intelligence Community. Through strategic partnerships and specialized recruitment technologies, Carahsoft and our partners help bridge the gap between exceptional cleared talent and the agencies that depend on their expertise. 

NASPE Annual Meeting 

July 13-16 | Louisville, KY | In-Person Event 

The National Association of State Personnel Executives (NASPE) provides a collaborative forum for State Human Resource (HR) leaders to share strategies and best practices on developing an effective workforce. Through this annual event, NASPE, an affiliate organization of The Council of State Governments, hosts human capital directors and senior-level staff to discuss the latest trends in HR, improving the overall quality of HR resources and services provided to State Governments.

Carahsoft and our partners connect state HR leaders with cutting-edge human capital technologies designed specifically for Government environments at NASPE’s 2025 Annual Meeting. The conference allows attendees to spend time networking and learning about human resource products. Sponsors of the event will get to spotlight their solutions during the scheduled sessions. Be on the lookout for more information on this event.  

NASWA Summit 

September 10-11 | Dallas, TX | In-Person Event 

The National Association of State Workforce Agencies (NASWA), a national organization representing all 50 state workforce agencies, D.C. and U.S. territories, hosts this premier workforce summit. Leaders in the state workforce agencies and key staff will discuss key issues in the labor system, such as training, employment, careers and wages. This year, the main discussions will be on unemployment insurance, employment statistics and labor market information. 

View the Agenda at a Glance for an overview of this year’s Summit. 

As a key technology partner, Carahsoft is committed to bringing you the latest tech in human capital.  Eightfold.ai, Salesforce, AWS, Deloitte and many other vendors have been attending this event for over 4 years. Come check out the latest and greatest updates at their booths. We hope you will join us at NASWA Summit to learn, network and prepare for our future workforce.  

Leap HR: State & Local Government 

September 9-10 | Denver, CO | In-Person Event 

Leap HR welcomes HR leaders, IT professionals and State and Local Government officials to brainstorm and collaborate on ways to retain the Public Sector workforce, enhance performance and manage talent across various careers. Uncover the Public Sector’s best practices and data-driven insights on attracting and retaining the next generation of the workforce, driving talent mobility, incentivizing high performance and employee growth and more.

Sessions to look out for: 

  • Discover: Optimizing Performance Management with Data Analytics 
  • Develop: What More Can We Learn About the Technology That Can Help Us Reduce Time to Hire? 
  • Action: How Can You Utilize Data and Analytics to Inform Your Performance Strategy and Increase Effectiveness Within Your Workforce? 

As an official partner of Leap HR, Carahsoft showcases the technology solutions that solve State and Local Government’s most pressing workforce challenges. This year’s event will be led by expert speakers in human resources roles from State and Local Governments. 

HR Tech 

September 16-18 | Las Vegas | In-Person Event 

This event brings together leaders in the HR technology community to share industry insights. Attendees can expect a large HR expo, exhibit and leading educational sessions on the future of HR. Do not miss this key executive event to explore the latest in HR technology, gain exclusive access to current research, build professional ties and interact with top thought leaders to learn about the intersection of technology and human capital.  

Sessions to look out for: 

  • Investor Summit Welcome: Unveiling the Future of WorkTech Investment 
  • The Balancing Act: Human Sustainability in the Age of AI 
  • Crafting Exceptional Employee Journeys with Better HR Tech Adaption 

Carahsoft and our partners look forward to showcasing the best in human resources technology at HR Tech 2025. Multiple sessions will take place at the same time on similar topics, so attendees can learn what best aligns with their HR needs. Come check out partner exhibits at the expo. Look out for more information on the agenda of speakers.

ClearanceJobs Connect 

September 18-19 | Reston, VA | In-Person Event 

ClearanceJobs Connect hosts leaders in the national security space to discuss recruiting professionals. As the only event focused on security cleared recruiting, ClearanceJobs Connect recruits Government speakers from both the Defense Office of Hearings and Appeals (DOHA) and the Defense Counterintelligence and Security Agency (DCSA). Attendees will learn about the latest security clearance policies, network with associates and discover the newest and greatest industry insights.  

Details about the sessions for the event will be announced later this year. 

Carahsoft’s strategic partnership with ClearanceJobs positions us at the epicenter of national security talent acquisition. We are excited to attend ClearanceJobs Connect this autumn alongside several of its partners. Through specialized sessions and partner demonstrations, we’ll showcase how modern recruitment technologies can streamline the complex process of finding, vetting and onboarding cleared talent while maintaining the highest security standards. 

WorldatWork Total Rewards ‘26 

April 20-22 | San Antonio, TX | In-Person Event 

WorldatWork Total Rewards ‘26 is the premier event for Total Rewards revolutionaries, providing a platform to form deep connections with professionals and gain new, inventive insights focused around transforming talent within your organization. With innovative sessions and curated networking aimed at fostering meaningful connections, this event offers a powerful, personalized experience that delivers immediate solutions within a unique, festival-like atmosphere. Experience a transformative journey that enables your organization to enlist real solutions in the realm of human capital. 

Carahsoft’s participation in WorldatWork Total Rewards ’26 showcases our commitment to revolutionizing how Government organizations approach compensation and benefits. Our technology partners will demonstrate how modern total rewards platforms enable agencies to compete for top talent with dynamic, personalized compensation packages while maintaining fiscal responsibility and regulatory compliance. For an idea of what to expect, check out the program overview for WorldatWork Total Rewards ’26. 

Only by fully leveraging their workforce can agencies and organizations carry out their objectives effectively and efficiently. By using modern workforce analytics and strategic HR solutions, agencies can enhance their ability to attract, develop and retain the skilled professionals needed to achieve mission objectives.

Carahsoft is committed to supporting Government workforce transformation through proven technology partnerships and comprehensive solutions. Our vendor ecosystem spans the complete human capital management spectrum, from recruitment and onboarding platforms to performance analytics and professional development tools. 

Ready to transform your workforce strategy? Contact us at HRIT@carahsoft.com to discover how our Human Capital Technology solutions portfolio can drive mission success through strategic human capital management.

From Concept to Implementation: Operationalizing Zero Trust Architecture in Government Environments

Zero Trust has evolved over the last 15 years into a cornerstone of Federal cybersecurity strategy, influencing enterprises as well as State and Local Governments. While the principles of continuous authentication and least privilege are widely accepted, many organizations still need the industry’s support with implementation.

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has bridged this gap by offering practical guidance for applying Zero Trust concepts in real-world solutions.

Understanding Zero Trust Principles

Zero Trust is a cybersecurity strategy built on the assumption that networks are already compromised, making it the most resilient approach for securing today’s hybrid environments. Rather than relying on network perimeters, Zero Trust focuses on continuous authentication and verification of every access request, regardless of where those resources are located.

This approach requires organizations to secure all communications through encryption and authentication, grant access on a per-session basis with least privileges, implement dynamic policies, continuously monitor resource integrity and authenticate before allowing access. The objective is to reduce implicit trust between enterprise systems to minimize lateral movement by potential attackers.

Organizations must also collect and analyze as much contextual information as possible to create more granular access policies and strengthen current controls for an enhanced Zero Trust Architecture (ZTA).

NIST’s Role and Guidance

NIST has been instrumental in defining and operationalizing Zero Trust through guidance documents and practical demonstrations like Special Publication (SP) 800-207, published in 2020, which established the foundation for ZTA. Building on this framework, NIST’s NCCoE worked with industry, Government and academia to launch a project to show how these concepts could be implemented in real-world environments.  

Initially focused on three example implementations, the project expanded to 19 different ZTA implementations using technologies from 24 industry collaborators, including Palo Alto Networks.

These implementations were built around three primary deployment approaches:

  1. Enhanced Identity Governance: Emphasizes identity and attribute-based access control, ensuring access decisions are linked to user identity, roles and context.
  2. Microsegmentation: Uses smart devices such as firewalls, smart switches or specialized gateways to isolate and protect specific resources.
  3. Software-Defined Perimeter (SDP): Creates a software overlay to protect infrastructure—like servers and routers—by concealing it from unauthorized users.

Although not included in SP 800-207, the project also recognized Secure Access Service Edge (SASE) as an emerging deployment model that integrates network and security functions into a unified, cloud-delivered service.

Practical Implementation Strategies


The NCCoE project tackled the critical question: where should organizations start on their Zero Trust journey? By adopting an agile, incremental approach with “crawl, walk and run” stages, the project phased its implementation based on deployment approaches. This allowed gradual, manageable builds while addressing real-world complexities.

Technologies such as firewalls, SASE with Software-Defined Wide Area Network (SD-WAN) and Endpoint Detection and Response (EDR) using Palo Alto Networks Cortex XDR® were utilized, with remote worker scenarios reflecting modern hybrid environments. NIST SP 1800-35 outlines the phased approach and provides a practice guide, including technologies, reference architectures, use cases, tested scenarios and security controls built into each implementation.

One of the most significant challenges addressed was interoperability between different security solutions. Rather than overhauling infrastructure, organizations can leverage existing technologies while gradually introducing new solutions to enhance security and move toward a mature ZTA.

Integrating Technology Solutions

The NCCoE highlighted how comprehensive security platforms enable Zero Trust principles across hybrid environments. Palo Alto Networks presented a comprehensive ZTA built with artificial intelligence (AI) and machine learning (ML), leveraging capabilities including Cloud Identity Engine for federated identity management, next-generation firewalls for microsegmentation, cloud-delivered security services and SASE for remote access and EDR.

The approach focused on three key objectives:

  1. Continuous trust verification and threat prevention
  2. Single policy enforcement across all environments
  3. Interoperability with other security solutions

AI was embedded throughout the platform—from policy creation to user and device analysis—ensuring that Zero Trust policies are enforced consistently and adapted automatically in response to evolving threats. This intelligent strategy provides a scalable and resilient foundation for securing modern, hybrid environments.

Community Collaboration and A Holistic Approach

The success of the NCCoE project underscored the importance of collaboration between Government and industry to develop practical Zero Trust solutions. This partnership enabled the development of a holistic security monitoring system that can track user behavior across on-premises, cloud and remote environments. The integration of AI and ML streamlined incident response, reducing mean time to detection and resolution.

Experts recommend that organizations begin their Zero Trust journey with fundamental capabilities such as identity, credential and access management (ICAM), endpoint security and compliance and data security. Implementing multi-factor authentication (MFA), integrated with existing Active Directory (AD) systems or identity providers, is an effective first step in strengthening access security. Monitoring network traffic and endpoint behavior using threat intelligence, user behavior analytics and AI allows organizations to proactively detect and respond to threats, providing a solid foundation for a resilient ZTA.

The journey to operationalizing Zero Trust continues to evolve, with NIST planning updates to their guidance documents to address emerging technologies like SASE and special considerations for operational technology (OT) environments. By adopting the principles, frameworks and practical implementation approaches demonstrated through the NCCoE project, Government agencies can develop more resilient security architectures that protect resources across diverse environments.

To learn more about implementing ZTAs in Government environments, watch the full webinar “Operationalizing Zero Trust: NIST and End-to-End Zero Trust Architectures,” presented by Palo Alto Networks, NIST and Carahsoft.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

  • FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
  • Dual-region hosting on AWS commercial US East/West regions
  • Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services, shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

  • A Cloud Migration Manager assigned to each Atlassian Government Cloud project
  • Migration guides, training resources and toolkits to support end-user adoption
  • The choice to engage with a network of experienced solution partners if your agency wants even more support

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

  • Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
  • California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

  • Up to a 53% increase in productivity
  • 47% improvement in cross-functional collaboration
  • 44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program.
