The Top 10 AI Events for Government in 2025

Posted on by
Reply

Artificial intelligence (AI) has grown from simple automation and robotics in the mid-20th century to modern-day advanced technology, experiencing major evolution within the last several years. The power of AI and increased usage across many Public Sector markets has sparked a new wave of innovation surrounding development of tools, solutions, policy, ethics and more. Whether showcasing new technologies or networking with AI tech industry experts, dive into Carahsoft’s recommendations below for the top upcoming AI events to attend this year as we explore all these topics and what is to come for AI. 

 

Ai4

August 11 – 13 | Las Vegas, NV | In-Person Event  

Ai4 2025 is North America’s premier artificial intelligence conference, scheduled for August 11–13 at the MGM Grand in Las Vegas. The event is set to host over 8,000 attendees, 600+ speakers, and 250+ exhibitors, offering a comprehensive platform for exploring AI advancements across various industries, including the public sector. 

Ai4 2025 features a dedicated Government Track that delves into how AI transforms public services, enhancing operational efficiency and improving decision-making within Government agencies. 

Key Themes and Sessions Include: 

  • AI in Public Infrastructure: Insights from leaders like Dr. Mike Horton, Chief AI Officer at the U.S. Department of Transportation, on integrating AI into transportation systems while navigating regulatory landscapes. 
  • Healthcare Innovations: Discussions on how the Veterans Health Administration is leveraging AI to enhance patient care through proactive and personalized solutions. 
  • Ethical AI and Governance: Exploration of AI ethics, data governance and compliance, crucial for public sector implementations. 

Join and connect with Carahsoft partners at Ai4, including: Dataiku, Dell Technologies, Google Cloud, IBM, MongoDB, Oracle, Red Hat, Anaconda, Lilt, NetApp, Snorkel, ZLTech, Weights & Biases, Yurts and Domino. 

Public Sector Low-Code App Engine Innovation Workshop 

August 13 – 14 | Vienna, VA | In-Person Event 

This two-day, hands-on Low-Code App Engine Innovation Workshop will show how agencies are reimagining their approach to automation and app development with ServiceNow’s Creator Workflows and Generative AI. Learn how to boost productivity at scale by building high-value, low-code mission apps with App Engine. 

During this workshop, attendees will learn: 

  • How to identify the right problems to solve in your agency with Low-Code tools. 
  • Successful examples of how other agencies are driving rapid innovation at scale with ServiceNow’s Low-Code App Engine. 
  • Practice ideation and rapid Low-Code app creation techniques that focus on making the world of work, work better. 

Carahsoft is the proud host of this event and is please to offer 16.6 continuing professional education (CPE) credits to those that attend the event through NASBA. 

State & Local Government AI Summit 

August 14 | Boston, MA | In-Person Event 

The Center for Public Sector AI and the Center for Digital Government are building on the momentum of their AI Summit by bringing together state and local CIOs, AI leaders, and private sector partners to explore how artificial intelligence is reshaping Government. As agencies work to unlock AI’s potential while addressing trust, ethics, privacy and workforce challenges, this event offers a dynamic space to connect with peers and innovators who are driving real transformation across Government. 

Connect with Carahsoft partners AWS, Dataminr and Dell Technologies at the State and Local AI Summit. 

AI For Defense Summit 

September 3-4 | National Harbor, MD | In-Person Event

The 4th Annual AI for Defense Summit will bring together leaders from the Department of Defense (DoD), Federal agencies, industry, academia and the intelligence community to explore the strategic integration of artificial intelligence in defense operations. This year’s event will showcase advancements in generative AI, autonomous systems, cybersecurity, and operational AI, while addressing key topics like software acquisition reform, human-machine integration, and safeguarding critical infrastructure. Through panels, keynote sessions, and networking, attendees will gain insights into how AI is reshaping warfighting capabilities, accelerating decision-making, and strengthening national security across all domains.

Connect with Carahsoft partners, including OpenAI, Ask Sage, Fiddler, Everfox, Seekr, AutogenAI and Scale AI.

Billington Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

A long-standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions, and interactive breakouts for attendees to truly immerse themselves in the world of today’s emerging cybersecurity solutions and trends. In its 16th year, this leading Government cybersecurity summit promises an exceptional lineup of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos. 

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:  

  • Zero Trust 
  • Ransomware 
  • Advancing cyber diplomacy 
  • Learning how to use proactive defenses 
  • Engineering AI into cybersecurity platforms 
  • Implementing an effective risk management approach 
  • Protecting critical infrastructure 

Stay tuned to the website for announcements around the speaker lineup and further summit information. 

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website for more details closer to the event! 

ACT-IAC Digital Transformation Summit  

September 17 | Reston, VA | In-Person Event 

Digital transformation is reshaping how Government, industry and academia operate by leveraging new and evolving technologies to streamline business processes, reduce manual work through automation and expand access by overcoming geographic limitations. It enhances efficiency, agility and scalability, while delivering greater value and satisfaction to staff, customers and stakeholders. Often described as “reimagining how we do business,” successful digital transformation requires strong leadership, a clear vision, staff buy-in, and a solid understanding of how to maximize the impact of technology investments. 

Sessions to Look Out for: Breaking Ground: Real-World Implementation of AI and Next-Gen Technologies and Workforce Management in the Digital Age: AI-Driven Strategies for Recruitment, Retention, and Engagement of Government Employees 

This Summit is being planned and hosted by ACT-IAC and Carahsoft and will focus on where Digital Transformation is today, how it has been used to transition to new innovative technologies and how it has improved overall performance. This event will also include an international element to hear how other countries have utilized digital technologies successfully. 

Dreamforce 

October 14 – 16 | San Francisco, CA | In-Person Event 

Dreamforce 2025, Salesforce’s flagship technology conference emphasizes AI-driven transformation, with a particular focus on the public sector. A central theme is “Agentforce,” Salesforce’s AI-powered digital labor platform designed to enhance operational efficiency and service delivery. For public sector organizations, Agentforce offers tools to automate tasks, improve constituent services, and streamline workflows. Sessions will showcase real-world applications, such as AI-powered virtual assistants, automated case management, and advanced analytics through Tableau Next, all aimed at modernizing government operations 

Sessions to Look Out for: Public Sector Product Roadmap: Future-Proof Your Mission and Elevate Every Education Journey with AI, Data, and Action. 

Carahsoft partner, Salesforce, returns with the most impactful event of the year. Carahsoft is looking forward to hosting a Public Sector networking reception at Dreamforce again in 2025. Stay tuned for more details to attend or participate alongside us as a sponsor! Check out the events tab on our website for more details closer to the event! 

GovAI Summit 

October 27 – 29 | Arlington, VA | In-Person Event 

The GovAI Summit 2025, scheduled for October 27–29 in Arlington, Virginia, is a premier event focused on the integration of artificial intelligence within the public sector. Organized by Modev, the summit aims to bring together government officials, policymakers, technologists, and industry leaders to explore the transformative potential of AI in governance. 

Discussions will emphasize the importance of ethical, non-discriminatory, and responsible AI governance, aligning with the mission of the GovAI Coalition to promote AI for social good. 

SC25: International Conference for High Performance Computing 

Carahsoft Top 10 AI Events Carahsoft Blog Embedded Image 2025

November 16-21 | St. Louis, MO | Hybrid Event 

Supercomputing25 (SC25) is the premier global conference for high-performance computing (HPC), networking, storage and analysis, tailored to address the needs of Government, defense and research organizations. This year’s event explores the transformative impact of HPC technologies on solving critical challenges, advancing national security and driving innovation across scientific and governmental missions. 

At SC25, there will be a wide array of programming including presentations on new research, showcasing innovative work or practices and teaching and guiding the next generation of HPC students and professionals. 

Carahsoft will once again host a large pavilion space and is an exhibiting sponsor of SC25 along with many of our partners at the forefront of high-powered computing, including AWS, Broadcom, Cloudian, Dell, Google, Groq, HPE, IBM, Intel, Microsoft, Microway, NVIDIA, Oracle, Red Hat and VAST Data. 

DODIIS Worldwide

December 7 | Fort Lauderdale, FL | In-Person Event 

The DoDIIS Worldwide Conference 2025, scheduled for December 7–10 in Fort Lauderdale, Florida, will spotlight the integration of artificial intelligence (AI) within defense and intelligence operations. Hosted by the Defense Intelligence Agency (DIA), this event gathers leaders from the Department of Defense (DoD), Intelligence Community (IC), industry and academia to discuss mission-critical technologies and strategies. 

Carahsoft will host an expansive Partner Pavilion highlighting cutting-edge technologies that support artificial intelligence. Within this space, our AI booth—located in the Vertical Alley—will feature demos from our AI solution partners. 

— 

To learn more or get involved in any of the above events please contact us at AITeam@carahsoft.com. For more information on Carahsoft and our industry leading AI technology partners’ events, visit our AI solutions portfolio and AI Events page.

The Top 10 Customer Experience and Engagement Events for Government in 2025

Posted on by
Reply

Customer experience (CX) and engagement is at the forefront of positive innovation in Government, creating efficient and convenient services, accessible access to information and opportunities for communication between agencies and their customers to build a clearer understanding of public needs and how to develop and reform operations. Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, features a portfolio of industry-leading solutions and providers to support the Government in its efforts to share and report information to its community. Throughout this year, new and returning events will showcase the latest technologies, generate meaningful conversations through networking sessions and provide live product demonstrations to enhance Government CX. We look forward to joining these events with you soon! 


2025 Government Contact Center Summit 

April 30 | Reston, VA | In-Person Event 

Join us for the inaugural Government Contact Center Summit. Dorris Consulting, in collaboration with ACT-IAC, will bring you a day of thoughtful discussions on delivering outstanding digital experiences with best-in-class contact centers. Learn best practices for Government Contact Centers, explore new technologies and solutions and network with leaders from Government and industry. 

As the hosting organization, Carahsoft is excited to partner with DCI and ACT-IAC for the inaugural Government Contact Center Summit at our Carahsoft Conference & Collaboration Center. Join us to hear from and meet Government and industry leaders at the forefront of Government Contact Center innovation. 


Carahsoft AI for Government Summit  

May 15 | Reston, VA | In-Person Event  

Carahsoft Top 10 CX Events Carahsoft Blog Embedded Image 2025

Carahsoft’s AI for Government Summit is the premier event for exploring how AI is revolutionizing the Public Sector. This summit brings together Federal, State and Local Government leaders, industry innovators and technology experts to discuss the transformative potential of AI in addressing the nation’s most pressing challenges. Attendees will gain actionable insight into how Generative AI is transforming Government operations, how AI can streamline public services, cybersecurity and data protection, and how to leverage AI for predictive analytics and decision-making, as well as tackling ethical, privacy and compliance challenges.

Session to Look Out for: Enhancing Customer Experience (CX) in the Public Sector with AI: AI is transforming how Government interacts with citizens. This session will explore how AI-driven chatbots, virtual assistants, and automation improve service delivery and user satisfaction in public-facing Government services.  

Carahsoft is the proud host of the AI for Government Summit. This was a milestone event in 2024 with speakers from NVIDIA, OpenAI, Microsoft, Google, AWS, Dell, HPE and others. Join us at the Carahsoft Conference & Collaboration Center to learn about all things AI within the Public Sector. 


2025 Government Social Media Conference 

May 20-22 | Orlando, FL | Hybrid Event 

GSMCON is the largest social media conference for Government. Hear from 25+ Government speakers participating in more than 20 sessions and breakouts on the latest social media trends, industry secrets and best practices. Attendees will gain real, actionable strategies while fostering connections with Government social media professionals around the globe. 

Sessions to look out for: 

  • Accessible and Inclusive Social Media Strategies for Government Agencies 
  • The Fresh Brand of Bel-Air: Keep Employee Engagement Fresh 

As a Premium Exhibitor at GSMCON in 2025, Carahsoft, along with our partners LinkedIn, Hootsuite and Sprout Social are excited to participate in the premier social media conference for Government agencies for its 10-year anniversary event. Visit our Carahsoft exhibit booth to meet the team and our partners. 


Government Customer Experience & Engagement Summit   

June 3 | Washington, D.C. | Hybrid Event 

The Government Customer Experience & Engagement Summit serves as a crucible for knowledge exchange to build a customer-centric Government. Join Federal and State and Local experts, thought leaders and CX professionals to discuss how emerging technologies are revolutionizing Government CX. Explore best practices for digital transformation, improving employee experience, building trust with constituents and implementing innovative technologies to make Government services, information and processes more efficient. Participants will be able to follow two distinct tracks that cater to diverse interests and objectives: technology and culture. 

Carahsoft is proud to host our 15th annual summit powered by GovExec. Join us, Government leaders and our CX technology and solutions industry experts as they discuss how the future of Government services and CX lies at the intersection of technology, efficiency and establishing a culture of excellence.  


Federal Experience Summit 

August | Washington, D.C. | In-Person Event 

The Qualtrics Federal Experience Summit brings leaders together to engage with each other on the evolving landscape of CX and employee experience (EX). Attendees will gain insight into innovative technologies that foster digital transformation, improve service delivery and build trust with constituents. Participants can choose between CX and EX breakout tracks to tailor their experience to their agency’s needs. 

Carahsoft partner, Qualtrics, is excited to host the Federal Experience Summit once again this year. Join them in Washington, D.C. for discussions on how to listen, understand and act on employee and customer experience feedback. Check out the events tab on our website for more details closer to the event! 


Digital Transformation Summit 2025 

September 17 | Reston, VA | In-Person Event 

The ACT-IAC Digital Transformation Summit provides Government and industry leaders strategies to accelerate the transition from legacy applications to new innovative technologies. Hear leaders share their best practices for building a successful digital transformation approach to meet evolving CX challenges and promote efficiency holistically. Join us for a day of insightful discussions and networking with industry experts, thought leaders and CX professionals. 

Sessions to look out for: 

  • Workforce Management in the Digital Age: AI-Driven Strategies for Recruitment, Retention, and Engagement of Government Employees 
  • Safeguarding Digital Services: Federal Success Stories in Cybersecurity and Data Management 

Carahsoft looks forward to collaborating with ACT-IAC for the 5th Annual Digital Transformation Summit and hosting the event at our Carahsoft Conference & Collaboration Center. Join us to hear from and meet Government and industry leaders driving Government digital transformation. 


Service to the Citizen Awards 

September 19 | Washington, D.C. 

The Service to the Citizen Awards recognizes public servants at all levels of Government (e.g., Federal, State, Local, tribal and international) for their leadership and dedication to delivering services that impact the publics’ lives and rebuild trust in Government. While the event is for the esteemed award winners and sponsors only, nominations are open through April 4, 2025. Are you or do you know someone who goes above and beyond to deliver an exceptional customer experience to citizens? Have a ‘champion of change’ spirit? Supported initiatives that helped the Government provide remarkable services? Submit your nomination today!  

Carahsoft is honored to return as a Platinum sponsor for 2025 and support our partners and customers in their nominations. Join us in honoring exemplary public servants. If you need support with the nomination process, please contact CXmarketing@carahsoft.com. 


Dreamforce 2025 

October 14-16 | San Francisco, CA | Hybrid Event 

Dreamforce is a three-day event featuring the world’s brightest minds in CX to foster discussions about driving innovation and customer success. Discover the latest Salesforce tools and products to help you build engaging digital experiences and meet your constituent’s every expectation. Attend educational breakout sessions, hands-on workshops and network with industry leaders and peers. 

Carahsoft partner, Salesforce, returns with the most impactful event of the year. Carahsoft is looking forward to hosting a Public Sector networking reception at Dreamforce again in 2025. Stay tuned for more details to attend or participate alongside us as a sponsor! Check out the events tab on our website for more details closer to the event! 


Government Service Delivery 2025

October 29-30 | Washington, D.C. | In-Person Event

The Government Service Delivery event program unites U.S. public service leaders to explore how technology is driving innovation and accelerate the delivery of high-quality government services. Attendees will have the opportunity to participate in exclusive roundtables and an open conference over the course of the two days to hear government CX leaders discuss shared challenges to transformation and share insights and intelligence on how they can be overcome to improve public services.

Carahsoft is partaking as a Bronze Sponsor with an exhibit booth and is excited to have the opportunity to connect with our Government’s CX community to learn about their goal and initiatives and how our technology portfolio of solutions can support their goals.


CX Workshop 2025 

December 4 | Virtual Event 

During this transitional time of Government operations, the need to streamline service delivery is imperative. This Nextgov/FCW virtual workshop brings together Government and industry leaders to share lessons and successful customer experience case studies. CX leaders will guide participants on adopting technology to enhance CX and highlight how agencies can best collaborate. 

Carahsoft is returning as an Elite sponsor for 2025. Join us and our partners for conversations on delivering quality digital services and meeting customer expectations. Check out the events tab on our website for more details closer to the event! 


Whether you are looking for latest innovations in improving service delivery and employee experience or to learn more about digitization of services and social media trends, join us at an event this year as we explore all topics within the realm of customer experience and engagement. 


To learn more or get involved in any of the above events please contact us at CXMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading CX technology partners’ events, visit our Customer Experience and Engagement solutions portfolio and CX events page.

The Top 10 Cybersecurity Events for Government in 2025

Posted on by
Reply

In 2025, assessment, adaptation and agility are key for Government agencies and the tech industry to successfully navigate the growing landscape of cybersecurity. As part of the recently released White House Executive Order, “Strengthening and Promoting Innovation in the Nation’s Cybersecurity” Government agencies are tasked with modernizing polices to meet today’s cyber security challenges which include an emphasis on Zero Trust Architectures, Endpoint Detection and Response, Network Segmentation and advancing Phishing Resistant MFA protocols. Carahsoft is prepared to support and guide the Federal, State and Local Government, as well as Education and Healthcare organizations through this new year in collaboration with our robust network of cybersecurity partners and solutions. Check out these top events to learn more about what to expect in cybersecurity throughout this year. 

Public Sector Day at RSA Conference 

April 28 | San Francisco, CA | In-Person Event 

Carahsoft Top 10 Cybersecurity Events Carahsoft Blog Embedded Image 2025

Join us for the 12th Annual RSA Public Sector Day at RSA Conference! This year’s program will examine key areas such as developing a strong cybersecurity workforce, understanding the impact of AI on both offensive and defensive cyber operations, and improving the exchange of information among Government entities. Hear directly from top Government leaders and industry professionals as they discuss their perspectives and strategies for enhancing cybersecurity across all levels of Government and healthcare. 

Stay connected with Carahsoft as we prepare for another great presence at this year’s event and stay tuned to our RSA Public Sector Day 2025 website for more information on our agenda. 

AFCEA TechNet Cyber 

May 6-8 | Baltimore, MD | In-Person Event 

This flagship event will feature conversations led by national defense professionals, tech industry experts and academia partners discussing topics focused on policy, strategic architecture, C2 and joint capabilities. Explore global security challenges and solutions with IT professionals and learn about new ways to combat sophisticated cybersecurity threats.  

Carahsoft’s pavilion will feature more than 50 partners showcasing a full range of cybersecurity, artificial intelligence, DevSecOps and cloud solutions. Fed Gov Today with Francis Rose will also be in the Carahsoft booth taping a broadcast TV episode showcasing Government and industry thought leaders at the event. In addition to our pavilion, Carahsoft will be hosting a networking reception on May 7 at Power Plant Live. 

Educause Cybersecurity and Privacy Professionals Conference 

May 19-21 | Baltimore, MD | In-Person Event 

Student safety and security are consistently at the forefront of educator’s minds and discovering innovative and modern ways to ensure those basic requirements are met is imperative. This premier Educause forum connects you with higher education information security and privacy professionals to do just that. Attendees will have the chance to network and discuss the latest cybersecurity trends and current events with peers and solution providers to make a meaningful impact on their individual communities and the education sector as a whole.  

Program tracks to look out for: 

  • Privacy 
  • Risk, Compliance and Policy 
  • Awareness and Education 
  • Technologies and Operations 
  • Leadership and Professional Development 

We are excited to confirm that we will be attending this year’s conference! Carahsoft has100+ vendors who are dedicated to supporting cybersecurity in education and we, along with our partners, are looking forward to connecting during this premier event. For updates, please email EDUMarketing@carahsoft.com 

 

EDGE25 Security Summit

July 10-12 | San Diego, CA | Hybrid Event

The Government Business Executive Forum (GBEF) is hosting the annual EDGE25 Security Summit to join 400 senior security professionals across multiple industry sectors in three full days discussing the latest global and emerging security threats, strategies and technologies. This is an exclusive, invite-only, event for GBEF members, Government and Carahsoft partners. The summit’s highly interactive, off-the-record executive roundtable agenda offers attendees and participants the opportunity to make connections, share perspectives and speak candidly on technology and mission issues. Additional impactful multimedia presentations will be live and broadcast for virtual attendees, allowing for even more interaction and insight into the progression of world-wide security innovation.

As a Carahsoft partner, you will have the opportunity to join us at GBEF’s leading event, participate in engaging receptions and attend pre- and post-conference activities that encourage building professional relationships across the industry. Additionally, join us as Carahsoft will be sponsoring the welcome reception for attendees aboard the USS Midway on July 10!

 

SANS Government Security Solutions Forum

July 22 | Virtual Event 

The SANS Institute stands on a mission of empowering cybersecurity professionals and honoring the highest standard in cybersecurity education to make the world a safer place. The Government Security Solutions Forum will delve into the latest trends in network protection, AI and cyber defense, supply chain, workforce development and more to help attendees understand how to combat modern threats effectively. At last year’s event, participants engaged with technology experts and listened to unique panel discussions with audience Q&As surrounding invaluable security initiatives across the Public Sector in areas such as Zero Trust implementation, achieving CMMC compliance and harnessing AI. Join us at this year’s event for all this and more! 

Carahsoft looks forward to partnering with the SANS Institute for the fifth year in a row to bring this event to life.  Carahsoft has over 800 employees focused on cybersecurity and partnerships with over 150 vendors. To learn more about the topics discussed at the forum and what to expect in July, read out highlights from last year’s event. 

GovForward ATO and Cloud Security Summit 

July 24 | In-Person Event 

The GovForward ATO and Cloud Security Summit will be back for its 7th year on Thursday, July 24, 2025, at the Waldorf Astoria in Washington D.C. The event will explore the Federal Risk and Authorization Management Program (FedRAMP) changes, and how advancements at the Federal level are impacting the broader Public Sector market. 

With over 1000 registered attendees, more than 30 speakers and 10+ engaging sessions and panels at the 2024 event, Carahsoft is excited to join forces with Government Executive again in 2025 delivering even more valuable insights, expert discussions, and networking opportunities for attendees. View highlights from the 2024 event and check back soon for more information on joining us at the 2025 ATO and Cloud Security Summit.  

Black Hat USA 2025 

August 2-7 | Las Vegas, NV | In-Person Event 

Returning to the Mandalay Bay Convention Center this year, the Black Hat USA 2025 program is packed with cybersecurity excellence in research, development and exploration of trends. Get involved with immersive and interactive trainings, live-in person sessions and demos, on-demand briefings, dynamic networking opportunities in the business hall, as well as the Black Hat Certified Pentester (BCPen) certification program. Join Carahsoft and uncover new ways to support your agency’s or organization’s cybersecurity mission. 

This year, we are exploring the possibility of hosting a breakfast briefing tailored for the Public Sector—stay tuned for updates as plans develop! Additionally, we are excited to announce that we will be hosting a networking reception again this year, providing a great opportunity to connect with industry peers. Check out the events tab on our website for more details closer to the event! 

Billington Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

A long standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions and interactive breakouts for attendees to truly immerse in the world of today’s emerging cybersecurity solutions and trends. In its 16th year running, this leading Government cybersecurity summit promises an exceptional line up of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos. 

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:  

  • Zero Trust 
  • Ransomware 
  • Advancing cyber diplomacy 
  • Learning how to use proactive defenses 
  • Engineering AI into cybersecurity platforms 
  • Implementing an effective risk management approach 
  • Protecting critical infrastructure 

Stay tuned to the website for announcements around the speaker lineup and further summit information. 

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website for more details closer to the event! 

StateRAMP Cyber Summit 

October 2-3 | Chicago, IL | In-Person Event 

Carahsoft is excited to be the presenting sponsor of the 2nd annual StateRAMP Cyber Summit this year. For Public and Private Sector leaders, this is the leading event to come together and examine today’s crucial cybersecurity, risk management and compliance topics.  

Here is an overview of what attendees can expect this fall: 

  • Future-focused insights on framework harmonization & AI 
  • Best practices in supplier risk management & procurement 
  • Real-world case studies from top cybersecurity leaders 
  • Discussions on emerging technologies and their compliance impact 

With over 350 registered attendees, more than 30 esteemed speakers and 10+ engaging sessions and panels, Carahsoft is honored to have been a presenting sponsor at last year’s inaugural summit. Check out highlights from the 2024 event and check back soon for more information on joining us at the 2025 StateRAMP Cyber Summit. 

Carahsoft Cyber Leaders Exchange 

October | Virtual Event 

Presented by Carahsoft in collaboration with Federal News Network, The Cyber Leaders Exchange will dive into how the Government is building cyber resilience, including showcasing tips, tactics and tools to support your organization’s mission-critical cybersecurity efforts. Look forward to sessions about cybersecurity strategy-building, workforce challenges, AI within cybersecurity and informative speakers from trusted technology vendors as well as Government experts. 

Stay tuned for event announcements and more information to be released. Curious about what to expect? Check out highlights from our 2024 Cyber Leaders Exchange. View the events tab on our website for more details closer to the event! 

Previous Event Highlights:

Rocky Mountain Cyberspace Symposium

February 10-13 | Colorado Springs, CO | In-Person Event 

Connecting people and ideas, RMCS25 is an annual forum for the tech industry, academia and Government to discuss and propose solutions to the challenges of cybersecurity, community cyber readiness and homeland defense facing our nation. The theme of this year was “Securing the Future: Cyber Capabilities, All-Domain Superiority, and Strategic Advantage.” This event explored how cyber capabilities and multi-domain strategies are pivotal in achieving and maintaining strategic advantage in the modern landscape. 

Topics highlighted: 

  • Innovation and Rapid Acquisitions 
  • CJADC2 Strategic Opportunities 
  • Modern Deterrence and Special Ops 
  • Securing Space Through Cyberspace 
  • AI Across the Spectrum of Operations 
  • Posturing and Developing Forces 

Carahsoft exhibited at the event hosting a small pavilion featuring demos from several of our partners and held a successful networking session at this year’s event!

While the Government and cybersecurity community face a great deal of change over the next year, join Carahsoft at one of these immersive events and be a part of modernization and finding solutions to today’s cyber challenges. 

— 

As technology and the Public Sector’s adoption of Cybersecurity tools advance, the topic remains at the forefront. Our partners are making significant strides in Cybersecurity, and you are invited to join the conversation. Attend these revolutionary events and help shape the future of cybersecurity. 

Fal.con Gov 

February 27, Washington, D.C., In-Person  

Zscaler Public Sector Summit 

March 24 – 25, Washington, D.C., In-Person Event 

Okta Government Identity Summit 

March 5, Washington, D.C., In-Person Event 

Palo Alto Ignite  

April 1, Tysons, VA, In-Person Event 

F5 Public Sector Symposium  

April 8 – 10, Tysons, VA, In-Person Event 

AWS re:Inforce 2025 

June 16 – 18, Philadelphia, PA, In-Person Event 

To learn more or get involved in any of the above events please contact us atcybersecurity@carahsoft.com. For more information on Carahsoft and our industry leading Cyber technology partners’ events, visit our Cybersecurity solutions portfolio and Cybersecurity Events page. 

Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

Posted on by
Reply

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.


Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

  • Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
  • Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
  • Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image
  • Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
  • Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
  • Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
  • Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
  • Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

  • Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
  • Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
  • Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

  • Enhanced security through continuous evaluation and dynamic risk mitigation.
  • Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
  • Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.


To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How AI Models are Advancing Weather Predictions and Forecasting

Posted on by
Reply

AI models have revolutionized weather forecasting, achieving levels of accuracy unimaginable just a few years ago. Today, a four-day forecast is as reliable as a one-day forecast was in the past, allowing meteorologists to predict weather further in advance with increased precision. This has practical benefits for everyday planning, like deciding whether to grill over the weekend or preparing for outdoor activities. More critically, improved forecasting is a game-changer for disaster preparedness in areas where timely and accurate predictions can save lives and reduce economic losses. Carahsoft, The Trusted Government IT Solutions Provider™, leads in AI innovation, addressing Government challenges and unlocking AI’s potential to accelerate operations. Partnering with top AI companies, Carahsoft delivers advanced, accurate weather models to support Government agencies. 

The Power of AI and Data 

Ground-level stations and satellite sensors generate a massive influx of information daily, which AI excels at processing. By analyzing real-time observations alongside decades of historical weather records, AI tools identify patterns and deliver accurate predictions. This capability is particularly valuable during extreme weather events. 

Carahsoft AI Models Advancing Weather Forecasting Blog Embedded Image 2025

Innovative AI models like Google DeepMind’s GenCast push the boundaries of what is possible in forecasting. GenCast delivers highly detailed forecasts with a resolution of about 16 miles, capturing localized weather patterns often missed by traditional methods. In addition to precision, these models offer unprecedented speed, processing vast amounts of high-quality data in minutes. This efficiency empowers emergency responders and decision-makers to act with confidence, reducing the impact of extreme weather on communities. 

The integration of AI into weather forecasting has also significantly enhanced disaster preparedness. AI enables more precise identification of regions of concern, helping meteorologists and emergency teams allocate resources more effectively and reduce unnecessary efforts elsewhere. This targeted approach ensures critical areas receive the attention they need, while also preventing burnout among professionals tasked with monitoring weather events. 

Moreover, meteorologists are expanding their roles to include emergency management skills. By combining AI insights with a deep understanding of societal and infrastructure impacts, they ensure forecasts translate into actionable strategies that protect lives and property. The combination of AI’s processing power and human expertise enables more effective evacuations, resource alignment and response efforts. 

Challenges and Sustainability in AI Operations 

While AI offers transformative benefits, it also presents challenges. The risk of misinformation from AI-generated weather models or images remains a concern, as untrained individuals may spread false predictions, causing unnecessary panic. This places an additional burden on professionals to correct misinformation and redirect resources. Maintaining a “human-in-the-loop” is essential for all AI deployments, ensuring that expert oversight validates outputs and mitigates potential errors.  Furthermore, improving model training to recognize complex atmospheric dynamics, such as interactions with continental systems that can alter hurricane paths, is essential to enhancing forecasting accuracy. Weather forecasting is uniquely suited for early AI adoption because it generates massive amounts of data and benefits from high-quality datasets provided by organizations like the National Weather Service and NASA, ensuring models are trained on reliable information. 

Sustainability is another critical consideration. Data centers and AI facilities consume significant amounts of energy and water, often in regions susceptible to drought or extreme heat. Expanding such operations across multiple sites could strain local resources. A lack of water for cooling systems, coupled with increasing heat waves, poses risks to operations and the energy grid, potentially leading to rolling blackouts. 

Infrastructure capable of withstanding extreme weather is crucial. Facilities like the Salesforce Tower in California exemplify climate-resilient design by incorporating renewable energy, black water recycling and the ability to export energy to the city during optimal periods. More facilities of this kind are needed—those that not only minimize environmental impact but also contribute positively to surrounding communities. Strategic planning for site locations and designs, informed by accurate climate data, will be essential for ensuring sustainability and resilience. 

How Government Agencies are Preparing for the Future 

As Government agencies embrace an AI-driven future, they are modernizing infrastructure, curating large datasets and upskilling their workforce to harness AI’s potential. These efforts go beyond technological enhancements, focusing on using AI to address critical challenges such as refining weather predictions and mitigating the impacts of extreme weather. By integrating AI into disaster preparedness and emergency management, agencies are building a more resilient framework that protects lives, safeguards jobs and fosters innovative solutions for future challenges. 

How Carahsoft Can Help 

Carahsoft works with a robust and growing ecosystem of thousands of IT solutions providers, including Google, NVIDIA and Microsoft, who have developed AI weather models that are predicting hurricane landfall faster and more accurately than traditional Numerical Weather Prediction (NWP) models. Carahsoft removes barriers around the AI adoption process by providing the infrastructure, data management and cybersecurity solutions required to safely and securely deploy innovative technology in your agency. As Government agencies continue to navigate the complexities of the modern landscape, Carahsoft’s AI partners stand ready to empower them with the tools and technologies needed to thrive in an era of unprecedented change. 

Discover solutions tailored to your needs in Carahsoft’s Artificial Intelligence Solutions Portfolio and gain valuable insights with the AI Buyer’s Guide for Government. 

Why Now is the Time for Government Agencies to Switch to Jira Service Management

Posted on by
Reply

The demands on government agencies are increasing. Citizens expect faster, more efficient services, and agencies are under pressure to modernize their operations and reduce costs. At the same time, legacy IT service management (ITSM) systems are struggling to keep up with the demands of the digital age.

That’s why now is the time for government agencies to switch to Jira Service Management (JSM). JSM is a modern, flexible, and cost-effective ITSM solution that can help agencies improve their service delivery, increase efficiency, and save money.


The Complete ITSM Solution for Government: Cost-Effective, User-Friendly, and Secure

Here are just a few of the reasons why JSM is the right choice for government agencies:

  • Cost-effective: A Forrester Total Economic Impact™ (TEI) study found that organizations using Jira Service Management realized a 277% ROI over three years, with a payback period of less than six months. The study also found that JSM can help organizations save $2.1 million by retiring their previous service management solution. JSM is more affordable than legacy ITSM solutions like ServiceNow, which can be complex and require expensive add-ons. JSM’s transparent pricing model means you’ll know exactly what you’re paying for, with no hidden fees or gotchas.  
  • Easy to use: JSM is user-friendly and easy to implement, even for non-technical users. Your team can be up and running quickly, without the need for extensive training.  
  • Flexible: JSM can be customized to meet the specific needs of your agency. You can easily create new workflows, add new features, and integrate with other systems.
  • Scalable: JSM can grow with your agency. Whether you’re a small team or a large organization, JSM can handle your needs.  
  • Secure: JSM is a secure platform that meets the stringent requirements of government agencies.


The Complete Solution for Modern Government: JSM’s Feature-Rich Platform

JSM also offers several features that are particularly beneficial for government agencies, such as:

  • Collaboration: JSM’s unified platform allows for seamless collaboration between IT teams and other business units. This can help to improve communication and coordination and speed up service delivery.  
  • Citizen Service Desk: JSM’s Citizen Service Desk provides a user-friendly portal for citizens to submit requests and track their progress. This can help to improve citizen satisfaction and engagement.
  • ITIL Compliance: JSM is fully compliant with the ITIL framework, the industry standard for ITSM best practices. This can help agencies to improve their IT service management processes.


Ensure Mission Success: Secure Your Agency’s Future with JSM

In addition to the benefits listed above, switching to JSM can also help government agencies to:

  • Future-proof their IT infrastructure: JSM is a cloud-based solution that is always up to date. This means you’ll always have access to the latest features and security updates.  
  • Improve their agility: JSM’s flexible and scalable platform can help agencies to adapt to change quickly and easily.
  • Reduce their total cost of ownership: JSM can help agencies save money on IT costs by reducing the need for expensive hardware and software.


The Future of Government Service Delivery is Here: Embrace it with JSM

The time for government agencies to embrace the future of IT service management is now. Legacy systems are no longer sufficient in meeting the evolving needs of citizens and the demands of a rapidly changing technological landscape. Jira Service Management offers a compelling solution to these challenges, providing a modern, flexible, and cost-effective platform for enhanced service delivery.

By switching to JSM, government agencies can unlock a world of possibilities:

Enhanced Citizen Service Delivery: Empower your team to deliver exceptional service faster and more efficiently, improving citizen satisfaction and engagement.

Reduced Costs: Streamline processes, automate tasks, and unlock trapped resources, resulting in significant cost savings.

Improved User Experience: Cultivate a user-friendly service environment that fosters collaboration and satisfaction for both internal teams and citizens.

Future-proof your agency: Ensure your technology can adapt to evolving needs and scale alongside your growth.


Don’t let your agency fall behind. Embrace the future of ITSM with Jira Service Management. Contact Oxalis today to embark on your journey towards a brighter, more agile, and citizen-centric future. Our team of experts will guide you every step of the way, ensuring a smooth transition and unlocking the full potential of JSM for your agency.


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

Posted on by
Reply

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

  • Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
  • Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

  • Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
  • Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

  • Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
  • Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
  • Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

  • Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
  • Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

  • Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
  • Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
  • Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

  • Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
  • Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
  • Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

  • Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
  • Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
  • Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Vice President for StateRAMP Solutions, Carahsoft: StateRAMP: Recognizing the Importance of Framework Harmonization

Posted on by
Reply

StateRAMP builds on the National Institute of Standards and Technology (NIST) Special Publication 800-53 standard, which underpins FedRAMP’s approach to cloud security for Federal agencies by offering a consistent framework for security assessment, authorization and continuous monitoring. Recognizing the need for a similar framework at the State and Local levels, StateRAMP has been developed to tailor these Federal standards to the unique needs of State and Local Governments.  

Key to StateRAMP’s initiative is the focus on framework harmonization, which aligns State and Local regulations with broader Federal and industry standards. This harmonization includes efforts like FedRAMP/TX-RAMP reciprocity and the CJIS task force, making compliance more streamlined. By mapping more compliance frameworks to one another, StateRAMP helps Government agencies and industry players leverage existing work, avoid redundancy and facilitate smoother procurement of secure technologies. Carahsoft supports this mission by partnering with StateRAMP Authorized vendors and engaging in initiatives that promote these harmonization efforts, such as the StateRAMP Cyber Summit and Federal News Networks’ StateRAMP Exchange.  

Developing Framework Harmonization 

CSPs often operate across multiple sectors and industries, each regulated by distinct frameworks such as FedRAMP CJIS, IRS Publication 1075, PCI DSS, FISMA, and HIPPA. Managing compliance across multiple frameworks can lead to redundant processes, inefficiencies and complexity. These challenges have emphasized the need for framework harmonization—aligning various cybersecurity frameworks to create a more cohesive and streamlined process.  

Carahsoft StateRAMP Framework Harmonization Blog Embedded Image 2024

With the FedRAMP transition to the NIST SP 800-53 Rev. 5 requirements in 2023, StateRAMP began working towards harmonization with FedRAMP across all impact levels. Through the StateRAMP Fast Track Program, CSPs pursuing FedRAMP authorization can leverage the same compliance documentation, including Plans of Actions and Milestones (POA&M), System Security Plans (SSP), security controls matrix and Third Party Assessment Organization (3PAO) audits, to achieve StateRAMP authorization.  

Reciprocity between StateRAMP and TX-RAMP has been established to streamline cybersecurity compliance for CSPs working with Texas state agencies, higher education institutions and public community colleges. CSPs that achieve a StateRAMP Ready or Authorized status are eligible to attain TX-RAMP certification at the same impact level through an established process. Additionally, StateRAMP’s Progressing Security Snapshot Program offers a pathway to provisional TX-RAMP certification, enabling CSPs to engage with Texas agencies while working towards StateRAMP compliance. Once CSPs have enrolled in the Snapshot Program or have engaged with a 3PAO to conduct an audit, they are added to the Progressing Product List, a public directory of products and their cybersecurity maturity status. This reciprocity eases the burden of navigating multiple compliance frameworks and certifications.  

Harmonized frameworks enable CSPs to align with the cybersecurity objectives of various organizations while simultaneously addressing a broader range of threats and vulnerabilities, improving overall security. StateRAMP’s focus is to align requirements across the Federal, State, Local and Educational sectors to reduce the cost of development and deployment through a unified set of standards. To ensure the Public and Private Sectors work in alignment, StateRAMP members have access to the same guidance, tools and resources necessary for implementing a harmonized framework. This initiative will streamline the compliance process through a unified approach to cybersecurity that ensures adherence to industry and regulatory requirements. 

The Future of StateRAMP  

StateRAMP has rolled out an overlay to its Moderate Impact Level baseline that maps to Criminal Justice Information Services (CJIS) Security Policy. This overlay is designed to strengthen cloud security in the law enforcement sector, helping assess a product’s potential for CJIS compliance in safeguarding critical information.  

At the 2024 StateRAMP Cyber Summit, Deputy Information Security Officer Jeffrey Campbell from the FBI CJIS addressed the challenges state and local entities face when adopting cloud technologies. He explained that while state constituents frequently asked if they could use FedRAMP for cloud initiatives, the answer was often complicated because FedRAMP alone does not fully meet CJIS requirements. “You can use vendors vetted through FedRAMP, that is going to get you maybe 80% of these requirements. There’s still 20% you’re going to have to do on your own” Campbell noted. He emphasized that, through framework harmonization, StateRAMP can bridge this compliance gap, offering states a viable solution to achieve several parallel security standards.  

Another initiative is the NASPO/StateRAMP Task Force, which was formed to unite procurement officials, cybersecurity experts, Government officials and industry experts together with IT professionals. The task force aims to produce tools and resources for procurement officials nationwide to make the StateRAMP adoption process more streamlined and consistent. 

Though still relatively new, StateRAMP is gaining traction, with 28 participating states as of October 2024. As cyberattacks become more sophisticated, cybersecurity compliance has become a larger point of emphasis at every level of Government to protect sensitive data. StateRAMP is working to bring all stakeholders together to drive toward a common understanding and acceptance of a standardized security standard. StateRAMP’s proactive steps to embrace framework harmonization are helping CSPs and State and Local Governments move towards a more secure digital future. 

To learn more about the advantages the StateRAMP program offers State Governments and technology suppliers watch the Federal News Network’s StateRAMP Exchange, presented by Carahsoft.  

To learn more about framework harmonization and gain valuable insights into others, such as cloud security, risk management and procurement best practices, watch the StateRAMP Cyber Summit, presented by Carahsoft. 

Join Fellow Change Agents and Innovators at Prodacity 2025

Posted on by
Reply

With change on the horizon, Federal organizations are re-evaluating legacy processes for software development in order to deliver new and better software to Americans. They’re taking bold action and transforming organizations into continuous software delivery innovators. 

In honor of these government IT change agents, Rise8 is hosting Prodacity 2025 in Nashville, TN on February 4-6. Over three days, Prodacity will bring together technology leaders at every level to learn, discuss, experiment, problem-solve and build transformative solutions that change constituents’ lives. 

The agenda for Prodacity 2025 is packed with expert-led sessions and practical insights tailored to give attendees a complete perspective on effectively implementing continuous delivery. Software development requires more than development expertise; it calls for strategic thinking, an understanding of culture, sound governance and product management skills. Prodacity 2025 attendees will learn about and experience all this and more.  

Each day will focus on different phases of continuous delivery. On day one, attendees will learn about setting a strategic direction for continuous innovation. Day two will be all about mastering tactics for continuous improvement. On day three, attendees will identify where to start with practical steps to drive transformation. 

Speaking of Transformation 

Prodacity 2025 will feature an impressive lineup of speakers from both the private and public sectors. Notable speakers include: 

  • KEYNOTE: Barry O’Reilly, entrepreneur, business advisor and author – Barry is an expert on model innovation, product development, cultural transformation and organization design. At Prodacity 2025, he will speak on why we need a system for unlearning. He co-founded Nobody Studios, a venture studio to create 100 compelling companies over the next five years. His bestselling book, Lean Enterprise: How High-Performance Organizations Innovate at Scale, is the subject of a pre-conference book club. 
  • Justin Fanelli – Mr. Justin Fanelli is the Acting CTO for the Department of Navy and Technical Director of PEO Digital, driving mission-critical IT transformations and cost-efficient innovations. He has held key roles including Chief Data Architect for Defense Health and Technical Director for Navy MPTE, earning accolades like the Etter Award for impactful service delivery and multi-billion-dollar cost savings. A DARPA Service Chiefs Fellow, he has led groundbreaking advancements in healthcare data systems and Navy enterprise solutions. Outside work, Mr. Fanelli teaches at Georgetown, advises startups and contributes to nonprofits like TechImpact.  
  • Paul ContoverosMr. Paul Controveros is the Chief of the Combat Force Enhancement Division at Space Operations Command in the for the U.S. Space Force where he leads all support to Deltas’ Combat Development Teams and Supra Coders. He also leads a team of professional software developers charged with delivering digital tools to the force. Upon retiring from the USAF with 26 years of military service, Mr. Contoveros worked as a contractor supporting the HQ AFSPC S5/9 Advanced Capabilities Team, which morphed into the Directorate of Innovation upon the standup of HQ SpOC. In this role he created the monthly Delta Innovation Collaboration Exchange (DICE), authored the Accelerated Delta Innovation Process (ADIP) and co-authored the command’s first ever, nearly completed, Innovation Operations Instruction. Mr. Contoveros joined the government team in July of 2023 as Director of Innovation, re-branded as the Combat Enhancement Division as part of the SpOC re-organization in 2024. 
  • Alistair Croll, author, founder and chair – Alistair is the author of Lean Analytics, widely considered required reading for startups and Just Evil Enough. He is also the chair of FWD50, a growing community of policymakers, technologists and civic innovators. Drawing on his experience as the builder of web performance pioneer Coradiant and Year One Labs incubator, Alistair will educate Prodacity attendees on MVPs for enterprises.  
  • Edward Hieatt, Mechanical Orchard – Edward serves as Chief Customer Officer, helping enterprises overcome legacy modernization challenges. As a seasoned software engineer, Edward previously worked at Pivotal Labs and played a significant role in its growth, leading the rapid expansion of the technical field organization. His Prodacity talk will provide attendees with a perspective on real continuous delivery.  

Join us at Prodacity 

Carahsoft is thrilled to sponsor Prodacity 2025. We look forward to working alongside the speakers, representatives, attendees and all change agents seeking to disrupt government technology’s status quo. 

Please join us February 4-6, 2025, in Nashville, TN. Learn more and register here. Prodacity will be unlike any other government event you’ve attended—it is the GovTech symposium of the year. 

Cyberattack Trends Impacting Local Government and Education Sectors

Posted on by
Reply

Today’s cybercriminals are no longer driven solely by financial gain, the geopolitical impact of attacks has shifted with nation-state actors now targeting critical infrastructure. While Local Governments have long been a part of this, schools have also become key targets, especially after COVID-19. The pandemic’s disruption to education has left a lasting impact, making attacks on schools and Local Governments both physically and psychologically significant. These institutions, essential to society, are under siege not just for their sensitive data but for their societal importance. With advanced capabilities and financial backing, nation-state actors are accelerating their efforts, heightening the urgency for robust cybersecurity.

Why Threat Actors Target Local Government and Education

Local Governments are frequent cyberattack targets due to their political significance and the essential services they provide. When one city is attacked, neighboring cities often become hyper-vigilant, particularly smaller municipalities managing critical services like water supply. These vital functions make them high-value targets. While financial institutions are seen as obvious targets for their direct connection to money, Government agencies hold more financial value than many realize. The stakes are even higher when political positions are involved, making Local Governments attractive to financially motivated attackers and nation-state actors seeking leverage.

Lumu Technologies SLED Cyberattack Trends Blog Embedded Image 2024

Education has also become increasingly vulnerable. Schools were initially targeted for geopolitical reasons, with attackers seeking to influence the “hearts and minds” of society by disrupting education. However, cybercriminals discovered the financial value of student records, which are worth more on the dark web than credit card or healthcare information due to students not checking their credit scores. This extended window for identity theft, combined with the vast amount of data schools hold, makes educational institutions prime targets for cybercriminals.

Both Local Governments and schools face shared challenges in defending their systems. For Governments, Supervisory Control and Data Acquisition (SCADA) networks that manage infrastructure are often isolated but still present large attack surfaces due to their distributed nature. Schools, on the other hand, struggle with the complexity of students bringing their own devices, which introduces uncontrolled entry points into the network. These vulnerabilities make Local Government and education uniquely attractive and susceptible targets in the cyber landscape.

Two Main Attack Vectors: Phishing and Infostealers

Cybercriminals use various tactics to infiltrate Local Governments and schools, exploiting both technological weaknesses and human behavior. People are often the weakest link, making them prime targets for attackers. The rise of artificial intelligence (AI) has further advanced these attacks, making them more difficult to detect. While agencies and schools cannot fully eliminate the risk through training alone, understanding these evolving threats can significantly reduce the chances of successful attacks.

Phishing and information stealing are two of the most prevalent methods used by cybercriminals. Research from Lumu Technologies shows that phishing accounts for 52% of attacks, while information stealing makes up 48%, illustrating their near-equal presence as cyber threats.

Phishing

Phishing is often used to gain initial access into a network, accounting for approximately 90% of attacks. By tricking users into clicking malicious links or downloading malware, attackers establish a presence in the system. The preliminary malware allows them to move laterally, escalate privileges and locate sensitive data. Attackers either sell the data or use it to launch ransomware attacks. In ransomware scenarios, the attacker takes control of the network, encrypts critical data and issues a ransom demand. Phishing is thus the starting point for a larger chain of events leading to data theft and/or financial extortion.

Information Stealing

Infostealers are designed to capture sensitive information, often to sell on the dark web or to facilitate ransomware attacks. Like intelligence operations, they collect data to spread through an environment or identify new attack points. Keyloggers record keystrokes to capture usernames and passwords for unauthorized access. Other methods include form grabbers, which intercept forms and alter them, and browser hijackers, which mimic legitimate sites to bypass multi-factor authentication. Sensitive data from Local Government and education sectors is highly valuable, with threat actors intensifying efforts to exploit it for profit.

In addition to phishing and infostealers, cybercriminals continually find new ways to exploit technology and human behavior, such as man-in-the-middle (MITM) attacks, credential stuffing and supply chain attacks. These often-overlooked attack vectors can cause significant damage to agencies and schools. Recognizing these methods is crucial for developing comprehensive defenses.

Why These Attack Methods are Successful

These attack methods succeed against Local Governments and schools due to the constantly evolving nature of cyber warfare. Like traditional warfare, attackers adapt, finding new ways in after one vulnerability is closed. Defenders must be equally dynamic.

Even with security measures like Endpoint Detection and Response (EDR), attackers find ways to bypass them. EDR relies on behavior analysis, which takes time, while attackers use advanced AI to quickly develop new methods. Local Governments and schools are often slower to adapt, giving attackers an advantage. The challenge is not just implementing security measures but continuously evolving defenses to keep up with new threats.

AI Versus AI

In the battle against evolving cyberattacks, Local Governments and schools must leverage advanced technologies like AI and automation. As attackers adopt AI to improve the sophistication and speed of attacks, defenders need equally powerful tools. Cybercriminals use AI to bypass traditional defenses, identifying weaknesses faster than humans can.

To keep up, Local Government and education sectors must deploy AI-driven systems to detect threats in real time. AI helps identify vulnerabilities, enabling proactive defense, while automation blocks threats at machine speed. For smaller institutions with limited resources, automation is especially crucial to defend against attacks effectively.

In a landscape where cyber threats continually evolve, matching the speed and sophistication of attackers is crucial for a strong cyber defense. Government agencies and educational institutions must stay vigilant, leveraging AI and automation to outpace attackers and protect the critical infrastructure and data that comprise the foundation of society.

Discover the latest trends in cyberattacks and learn how AI and automation are reshaping the fight against modern cybercriminals in Lumu Technologies’ webinar, “Emerging Cyber Attack Trends Targeting Local Government & Education.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Lumu Technologies, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.