Tag Archives: Cybersecurity

Strengthening the OneGov Mission with a New GSA Offer for Broadcom Security Solutions 

Posted on by
Reply

The U.S. General Services Administration (GSA) is redefining Federal procurement through its OneGov Strategy, an initiative aimed at streamlining how Government agencies purchase and implement technology. This unified approach is designed to reduce costs, enhance cybersecurity, improve operational efficiency, and move away from the historically siloed procurement process. 

To help realize this vision, Broadcom is offering its robust security solutions to civilian and unclassified Department of Defense (DOD) agencies through a limited-time promotion—ensuring agencies can access trusted, commercial-grade tools with greater ease and affordability. 

Breaking Down Security Silos with Unified Protection 

The GSA’s OneGov strategy emphasizes the need for agencies to operate as a unified enterprise rather than isolated entities. Broadcom’s security portfolio directly supports this vision by providing integrated solutions that work cohesively across agency boundaries. The combination of Symantec Data Loss Prevention (DLP), Carbon Black Endpoint Detection and Response (EDR) and Carbon Black App Control creates a comprehensive security framework that addresses multiple threat vectors from a single console. 

This unified approach eliminates the complexity of managing disparate security tools while providing the visibility and control necessary for cross-agency collaboration. By streamlining policy management, reporting and incident response through integrated platforms, agencies can reduce administrative overhead and focus resources on mission-critical activities. 

Advancing Zero Trust Architecture Through Proven Technologies 

Executive Order on Improving the Nations Cybersecurity requires DoD agencies to establish plans to drive adoption of Zero Trust architecture, while also mandating enhanced software supply chain security and deployment of multifactor authentication and encryption. Zero Trust implementation requires foundational security capabilities that provide continuous verification and monitoring across all network control points. Broadcom’s security solutions deliver these essential components through proven technologies that have been battle-tested in the most demanding environments. 

Symantec DLP provides the highest level of data protection with real-time visibility and control over sensitive information. The platform automatically prevents data leaks through intelligent messaging blocking and modification capabilities, ensuring that critical Government assets remain secure whether in transit, at rest or in use. This automated approach reduces the burden on security teams while maintaining strict compliance with Federal data protection requirements. 

Carbon Black EDR continuously records endpoint activity, enabling proactive threat hunting and reactive incident response capabilities. This comprehensive visibility allows security teams to detect and respond to advanced threats even in air-gapped environments, providing persistent monitoring essential for Zero Trust architecture. 

Implementing Positive Security Models for Enhanced Protection 

Traditional security approaches rely on maintaining lists of known threats, which can quickly become outdated as attack vectors evolve. Carbon Black App Control takes a fundamentally different approach by implementing a positive security model that only allows trusted and approved software to execute on Government systems. 

This proactive security stance effectively prevents malicious attacks from establishing a foothold, thereby reducing the attack surface and providing agencies with greater confidence in their endpoint security posture.  

Flexible Deployment Options for Diverse Government Environments 

Government agencies operate across a spectrum of technical environments, from cloud-native deployments to air-gapped networks with limited connectivity. Broadcom’s security solutions are designed to function effectively across this entire range, providing consistent protection regardless of deployment constraints. 

Whether agencies require on-premises installation for sensitive workloads, cloud deployment for scalability or air-gapped operation for classified environments, these solutions maintain their full functionality and security effectiveness. This flexibility ensures that agencies with varying technical resources and requirements can implement comprehensive security measures without compromising their operational needs. 

Maximizing Value Through Strategic Procurement 

The current promotional offering saves 75% off GSA ceiling prices for net new license purchases, representing significant cost savings for DoD agencies looking to enhance their security capabilities. This promotion runs from August 1 through September 30, 2025, and is available through Carahsoft’s GSA Schedule with no minimum quantity requirements. 

The pricing structure is designed to be Government Purchase Card friendly, reducing procurement friction and enabling teams to quickly acquire the security tools they need. For existing customers, the promotion applies to net new licenses, allowing agencies to expand their security coverage while taking advantage of substantial savings. 

Carahsoft and our partners are here to support your agency in leveraging this simplified procurement pathway. Our team is available to deliver tailored quotes, arrange customized demonstrations and help you maximize the value of Broadcom’s solutions in advancing your modernization objectives. 

Ready to transform how your agency secures data and advances Zero Trust goals? Contact our Broadcom team at BroadcomFED@carahsoft.com or call us at 571-662-3260 to learn more and take advantage of this limited-time offer. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Streamlining Federal Identity Management: How Okta Workflows Accelerate Cost Savings for Government 

Posted on by
Reply

The U.S. General Services Administration’s (GSA) OneGov strategy signals a major shift toward unified, efficient Government operations, breaking down technology silos and enabling agencies to work as a coordinated entity. At the core of this change is the need for modern identity management solutions that can automate complex processes while upholding top security standards. Automation can save agencies time, budget and drive outcomes for tool consolidation efforts. Okta Workflows provides Federal agencies with a no-code automation platform that simplifies identity operations and promotes collaboration across agencies. 

Breaking Down Identity Silos Through No-Code Automation 

Traditional identity management in Government often involves fragmented, manual processes that create operational bottlenecks and security vulnerabilities. Okta Workflows directly addresses these challenges by providing a unified automation engine that connects disparate systems without requiring custom coding. The platform’s pre-built connectors, reusable templates and Application Programming Interface (API) integrations enable agencies to orchestrate identity lifecycle events across multiple applications and cloud environments seamlessly. 

This approach eliminates the need for point solutions and manual workarounds that have historically contributed to siloed operations. By centralizing identity automation, agencies can ensure consistent policy execution across business units while maintaining complete audit trails for compliance reporting. 

Enhancing Cross-Agency Collaboration and Security 

Okta Workflows excels in supporting the OneGov vision of cross-agency collaboration through its robust security framework and automation capabilities. With FedRAMP High authorization and Federal Information Processing Standard (FIPS) 140-2 validated cryptography, the platform meets the Government’s most stringent security requirements while enabling streamlined operations. 

The solution automates essential identity processes, including: 

  • Joiner/mover/leaver workflows using Human Resources (HR) data and custom triggers 
  • Complex account creation with automated app assignments based on user attributes such as organizational unit and clearance level 
  • Real-time provisioning and deprovisioning across Software-as-a-Service (SaaS) applications, including Azure AD, Office 365 and Salesforce 

These automated workflows greatly reduce the workload on IT staff by decreasing password-reset tickets and access requests, while ensuring consistent policy enforcement across all systems. 

Accelerating Productivity While Maintaining Security Standards 

Government agencies face mounting pressure to deliver services more efficiently while maintaining strict security protocols. Okta Workflows addresses this challenge by dramatically reducing the time and effort required for routine identity management tasks. The platform’s automation capabilities free IT personnel from repetitive administrative work, allowing them to focus on mission-critical initiatives. 

The solution’s alignment with Zero Trust principles further enhances security posture by enforcing least privilege access, enabling continuous authentication and providing automated deprovisioning capabilities. This ensures that access rights are consistently managed throughout the user lifecycle, reducing security risks associated with delayed access revocations when personnel change roles or leave the organization. 

Simplified Procurement and Deployment 

Recognizing that Federal agencies often operate with limited technical resources, Okta Workflows is designed for rapid deployment and easy adoption. The no-code interface enables teams to build and implement identity automation processes without specialized programming skills. Pre-built templates and connectors accelerate time to value while minimizing the technical burden on agency staff. 

The solution is readily accessible through the General Services Administration (GSA) Schedule, providing Federal buyers with a compliant procurement path featuring pre-negotiated pricing and terms. This streamlined approach eliminates lengthy contract negotiations and enables agencies to acquire the tools needed to support their modernization objectives quickly. Carahsoft and Okta have collaborated to ensure the solution is available across major contracting vehicles with pricing structured to deliver optimal value, including: 

  • GSA 
  • Solutions for Enterprise-Wide Procurement (SEWP)  
  • Information Technology Enterprise Solutions (ITES)  
  • 2nd Generation Information Technology (2GIT) 

Supporting the Modern Federal Workforce 

As Government agencies continue their digital transformation journey, the need for sophisticated yet accessible automation tools has become increasingly critical. Okta Workflows provides the foundation for agencies to modernize their identity operations while supporting the broader OneGov vision of unified, efficient Government services. 

The platform’s combination of enterprise-grade security, intuitive automation capabilities and seamless integration with existing Government systems positions it as an ideal solution for agencies seeking to enhance productivity while maintaining strict compliance requirements.  

Ready to transform your agency’s identity management and join the OneGov movement? Contact our Okta team at Carahsoft today or call us at (833) 674-3990 to learn more and take advantage of this limited-time offer. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Okta we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Maximize Federal Data Protection with Commvault’s End-of-Fiscal-Year Bundle 

Posted on by
Reply

As Federal agencies approach the final stretch of fiscal year 2025, the challenge of securing comprehensive data security coverage while maximizing remaining budget dollars has become increasingly critical. Commvault has partnered with Carahsoft to deliver a strategic end-of-fiscal-year opportunity that combines substantial cost savings with the highest level of Federal security authorization available in the data protection market. 

Consolidating Data Protection Under a Single Platform 

Federal agencies often work with a range of vendors to meet their diverse data protection needs, which can introduce added complexity, training considerations and operational demands. Commvault’s Data Protection Bundle addresses this challenge by unifying data protection, Active Directory protection and air-gapped data security capabilities under one comprehensive platform. 

This consolidation approach delivers measurable operational benefits that extend beyond cost reduction. Agencies can significantly minimize the time required for deployment and training, reduce management costs and improve their response capabilities during critical events such as ransomware attacks or data loss incidents. When every minute counts in a recovery scenario, having a unified platform can mean the difference between rapid restoration and extended downtime. 

Setting the Security Standard with FedRAMP High Authorization 

Federal agencies operate under stringent security requirements that often limit their technology choices, particularly when handling sensitive or classified information. Commvault distinguishes itself as the only data protection provider to achieve FedRAMP High authorization while maintaining availability across all major cloud platforms. 

This security credential represents the highest level of authorization available for cloud services serving Government customers, demonstrating Commvault’s ability to meet the most demanding Federal security standards. For agencies required to maintain strict compliance protocols, this authorization eliminates the complexity of lengthy security evaluations while ensuring their data protection solution meets or exceeds all regulatory requirements. 

Simplifying Deployment Across Diverse Government Environments 

Government agencies face unique infrastructure challenges, from legacy on-premises systems to modern cloud deployments, often with varying levels of technical resources and expertise. Commvault’s unified platform architecture addresses these challenges by maintaining consistency across all deployment scenarios—whether on-premises, cloud, virtual or physical environments. 

Since the underlying code remains consistent across all implementations, agencies experience significantly reduced deployment times compared to managing multiple vendor solutions. This consistency also translates to streamlined training processes and lower administrative overhead, particularly valuable for agencies with limited technical staff or those supporting geographically distributed operations. 

Leveraging Strategic Procurement Advantages 

The Data Protection Bundle is readily available through General Services Administration (GSA) Schedule contracting, providing Federal buyers with the streamlined procurement process they understand and trust. This availability is enhanced by Carahsoft’s partnership with Commvault to offer additional savings of up to 60% off manufacturer’s suggested retail price (MSRP)—savings that stack on top of existing GSA Schedule discounts that agencies have historically leveraged. 

While the focus remains on end-of-fiscal-year procurement opportunities, Commvault has committed to honoring this pricing structure through the end of the calendar year, providing agencies with flexibility in their planning and implementation timelines. 

Supporting Widespread Federal Adoption 

Commvault’s platform is already deployed across numerous Federal agencies, spanning both Department of Defense (DoD) and civilian organizations. Many of these agencies utilize Commvault to protect shared environments through a single unified platform, demonstrating the solution’s ability to scale across diverse Government requirements while maintaining the security boundaries and operational control that Federal organizations require. 

This existing Federal footprint provides new adopters with confidence in the platform’s proven ability to meet government-specific mandates while offering opportunities for knowledge sharing and best practice development across agency lines. 

Federal agencies looking to strengthen their data protection capabilities while maximizing end-of-fiscal-year budget efficiency should evaluate how Commvault’s comprehensive bundle addresses their mission-critical requirements. With proven FedRAMP High authorization, substantial cost savings and streamlined GSA procurement, this solution offers a strategic pathway to enhanced data security and operational efficiency. 

Visit Commvault’s FedRAMP page to discover how this end-of-fiscal-year opportunity can strengthen your agency’s data protection strategy and deliver significant cost savings. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Commvault we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Palo Alto Networks Cortex Cloud™ — Unified Efficiency, Now with Dual FedRAMP Authority

Posted on by
Reply

In a testament to its commitment to secured and streamlined cloud security, Palo Alto Networks Cortex Cloud™ has already achieved FedRAMP High and Moderate authorizations since launching in February 2025. This significant milestone positions Cortex Cloud as the only CNAPP in the FedRAMP Marketplace holding both High and Moderate designations, underscoring its unique ability to cater to the diverse security needs of the U.S. Government.

The Federal Risk and Authorization Management Program (FedRAMP) is the Government’s rigorous standard for assessing, authorizing and continuously monitoring cloud services. By achieving both High and Moderate authorizations, Cortex Cloud demonstrates its adherence to stringent security controls, paving the way for Federal agencies to confidently adopt its innovative platform.

Unlocking Efficiency Through a Unified Security Platform

At a time when Government agencies are prioritizing modernization and efficiency, Cortex Cloud offers a powerful, unified solution. As the next generation of Prisma® Cloud, it transcends traditional, siloed security tools by integrating best-in-class cloud detection and response (CDR) with industry-leading, cloud-native application protection platform (CNAPP) capabilities.

This platform-centric approach delivers measurable benefits:

  • Streamlined Procurement – By choosing Cortex Cloud with FedRAMP High authorization to secure your environment, agencies can bypass the complexities and delays of redundant security assessments.
  • Reduced Complexity and Risk – By integrating security across the entire cloud lifecycle (from code to cloud to SOC) Cortex Cloud eliminates the operational overhead and potential vulnerabilities associated with managing disparate security tools.
  • Enhanced Operational Efficiency – The unified platform provides comprehensive visibility and context, enabling security teams to prioritize risks effectively, automate responses and reduce the mean time to respond (MTTR) to threats.
  • Intelligent Risk Reduction – Cortex Cloud’s cloud posture security capabilities offer agentless visibility and intelligently group-related issues, empowering security teams to focus on the most critical risks with minimal effort.
  • Proactive Threat Prevention – Stop attacks in real time with cloud detection and response (CDR), maintaining the integrity and availability of Government systems, as breaches are prevented before impacting mission-critical operations.
  • Securing the Application Lifecycle – Cortex Cloud’s application security features enable agencies to identify and remediate vulnerabilities in the software supply chain, preventing risks from ever reaching production.

Meeting Diverse Government Needs with a Single, Powerful Platform

The dual FedRAMP High and Moderate authorizations empower Cortex Cloud to address a wide spectrum of Government requirements:

  • FedRAMP High – For the most sensitive, unclassified data where compromise could severely impact national security, economic stability or public safety. Cortex Cloud meets over 400 rigorous security controls for mission-critical applications.
  • FedRAMP Moderate – For Federal information where loss of confidentiality, integrity or availability would have serious adverse effects. Cortex Cloud adheres to over 300 security controls, suitable for a broad range of data, including PII.

Furthermore, Cortex Cloud’s GovRAMP High and Moderate certifications highlight its commitment to serving State and Local Governments with equally robust and efficient cloud security solutions.

Driving Productivity and Cost Savings

The U.S. Government’s focus on maximizing efficiency and productivity aligns perfectly with the benefits offered by Cortex Cloud’s unified platform.

By consolidating security functions and providing intelligent insights, Cortex Cloud helps agencies:

  • Optimize Resources – Security teams can operate more efficiently, focusing on strategic initiatives rather than managing a complex web of point solutions.
  • Improve Security Outcomes – Comprehensive visibility and integrated threat intelligence lead to a stronger security posture and reduced risk of costly breaches.
  • Accelerate Cloud Adoption – Agencies can confidently embrace the scalability and flexibility of the cloud while maintaining the highest security standards.

Cortex Cloud’s FedRAMP High and Moderate authorizations are more than just certifications; they represent a commitment to providing Government agencies with an efficient, unified and highly secure cloud security platform. By streamlining operations, reducing complexity and delivering comprehensive protection, Cortex Cloud empowers the U.S. Government to achieve its modernization goals while safeguarding its most critical assets.

Secured in America. Built for Government.

Headquartered in California, Palo Alto Networks proudly celebrates two decades of cybersecurity innovation and leadership. Across the United States, we employ more than 8,800 people in 49 states with physical offices in California, New York, Texas and Virginia. Championing American production excellence, we assemble all of our hardware firewalls in the United States, with our primary assembly and fulfillment center located in Texas. With over $1.8 billion in annual R&D, Palo Alto Networks is driving continuous innovation to maintain American technological leadership and excellence.

Learn more about our commitment to serve Federal organizations as the Government’s cybersecurity partner of choice.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How AI-Powered Compliance Solutions Are Transforming Regulatory Management for Government Agencies

Posted on by
Reply

Government agencies manage between 12,000 and 40,000 regulatory obligations, with approximately 200 to 250 new regulatory alerts issued globally every day across the financial services sector alone. This escalating complexity is driving agencies to rethink their approach to compliance management, moving away from manual, reactive processes toward intelligent, proactive solutions.

The Overwhelming Scale of Modern Regulatory Compliance

Traditional compliance methods cannot keep up with today’s regulatory demands. In the U.S., the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) account for over 5,000 of those obligations. In the future, 74% of organizations anticipate even more regulatory activity, highlighting the rise and complexity of compliance requirements.

The challenge extends beyond just volume to the speed at which regulations evolve and their divergence across jurisdictions. Traditional methods—spreadsheets, siloed systems and manual tracking—leave agencies vulnerable to gaps and inconsistencies that can result in significant penalties and reputational damage.

For Government agencies, the stakes are even higher. They must demonstrate complete adherence to regulatory standards while maintaining public trust through transparency and accountability. This creates additional pressure on compliance teams to meet regulatory requirements in a way that can withstand public scrutiny and audits.

The Hidden Costs of Manual Compliance Operations

Manual compliance processes are costly and inefficient. A 10-person compliance team loses approximately $500,000 annually to manual tasks like monitoring, tagging, mapping and documentation—excluding the costs of fines and remediation. That time could instead be spent on strategic analysis and risk prevention.

A high employee turnover rate of 23% further inflates costs, as onboarding new analysts takes months. By the time they are fully trained, they are often ready to move on from routine tasks, creating a cycle of constant training, development and replacement.

Manual processes also introduce risks such as compliance gaps, failed audits and regulatory penalties. Organizations using manual processes experience 3.2 times more violations than those with automation. These inefficiencies contribute to the expectation that compliance costs will rise 6-9% annually through 2030, making automation a financial necessity.

AI as a Force Multiplier for Compliance Teams

Archer, AI-Powered Compliance Solutions Are Transforming Regulatory Management, blog, embedded image, 2025

Artificial intelligence (AI) serves as a force multiplier that can put the expertise of a 15- or 20-year analyst into the hands of an amateur. By delivering institutional knowledge and step-by-step guidance through complex processes, AI significantly reduces onboarding time for new team members.

Its impact is both immediate and measurable. AI-powered horizon scanning reduces the time analysts spend reviewing regulatory updates from hours to minutes, filtering out up to 95% of irrelevant alerts so teams can focus on the 5% that truly matter. Natural language further enhances efficiency by breaking down complex regulatory text into digestible summaries, helping teams quickly understand and act on new requirements.

Most notably, AI automates obligation extraction from dense regulatory text—a process that manually takes 5.3 hours per obligation and has a 14.6% error rate. AI identifies obligation statements, provides rationale and tags content for routing to the appropriate business units. In doing so, AI not only streamlines workflows but also ensures greater quality and accuracy over time through expert-in-the-loop validation.

End-to-End Lifecycle Management for Regulatory Changes

Modern compliance requires a holistic approach, from identifying regulatory updates to operational implementation and audit readiness. The true value comes from operationalizing these insights into frameworks, policies, controls and measurable testing programs. Yet only 38% of organizations successfully map regulatory changes through to updated controls and audit trails.

Lifecycle management starts with comprehensive horizon scanning and extends through policy governance, control alignment and continuous monitoring. When updates—such as tighter insider trading language—triggers changes, AI flags policy conflicts, creates change requests and ties them directly to relevant citations. This creates a clear audit trail, ensuring that modifications are documented, defensible and properly embedded back into the compliance framework.

AI also strengthens control management by flagging gaps between obligations and controls, identifying conflicts with evolving regulations and static policies—such as a privacy policy’s opt-in age that conflicts with new jurisdictional requirements—and recommending changes before violations occur. This creates a responsive system where regulatory changes automatically drive updates across policies, controls and audits.

Proactive Risk Management Through Intelligent Automation

Shifting from reactive to proactive compliance enables smarter risk management. Intelligent automation identifies potential issues before they become violations and informs decisions about expanding products and services or entering new markets. Instead of months-long manual assessments, agencies can use AI to instantly identify control gaps and readiness. This can speed up service expansion or help agencies determine not to proceed.

Automated insights also enhance leadership decision-making. By combining real-time monitoring with impact analysis, agencies can prepare for regulatory changes instead of responding after implementation deadlines. These capabilities yield real results: organizations leveraging AI-driven compliance systems report a 79% reduction in audit cycle times—from 42 days to nine—and 90% fewer evidence requests from business units.

The future of Government compliance lies in embracing intelligent automation that enhances human expertise rather than replacing it. By implementing AI-powered solutions that can manage the velocity and complexity of modern regulatory requirements, agencies can transform their compliance programs from reactive cost centers into proactive strategic assets.

To learn more about how AI-powered compliance solutions can transform your agency’s regulatory management approach, watch the full webinar “Archer Evolv Compliance” and view the solution brief for a deeper dive into the platform’s capabilities.

* All statistics referenced in this blog are sourced directly from the webinar on which this content is based.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Archer, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk

Posted on by
Reply

Federal agencies are moving fast to unlock the potential of AI—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk.  Security, trust, and transparency can’t be afterthoughts. They need to be part of the build process from day one.  That’s where Snyk for Government comes in—now FedRAMP authorized, we’ve taken it even further with the launch of the Snyk AI Trust Platform May 2025. 

AI isn’t magic. It’s built on code, containers, infrastructure templates, and APIs—and increasingly, it’s generating code on its own, generating 40% more vulnerabilities than human developers. Agencies need to track, fix, and manage continuously.  With Snyk, you can shift left and Secure-by-Design:

  • Spot and fix risks early—automatically and at scale
  • Keep developers moving fast while staying compliant
  • Build AI systems that are secure from the ground up

Meet the Snyk AI Trust Platform

Launched in May 2025, the Snyk AI Trust Platform is the first of its kind: an AI-native, agentic security platform designed for how modern teams build today. It gives agencies the tools to move quickly without compromising trust.

This isn’t just DevSecOps—it’s security built for the era of AI-driven, autonomous software development.

How Snyk is supporting new federal AI mandates

Trusted, Transparent AI Development

As agencies embrace AI, expectations around objectivity and transparency are front and center. Snyk helps teams meet those expectations with tools that focus on real technical risks—not subjective filters.

  • Credible vulnerability intelligence: Sourced from standards-based orgs like CVE, CWE, and NIST
  • Customizable policy enforcement: Agencies stay in full control with Snyk Guard’s real-time, no-bias policy engine
  • Integrated into your pipeline: From GitHub to Terraform to container registries—Snyk fits your workflow, not the other way around

 Scaling Secure AI Infrastructure

New funding and fast-tracked initiatives mean federal developers need security tools that keep up.

  • FedRAMP authorized: Snyk is cleared for use across federal cloud environments
  • Automation where it counts: Agentic tools like Snyk Assist and Snyk Agent surface issues and fix them before they ship

 Building Export-Ready, Trusted AI Systems

As global collaboration increases, secure supply chains are more important than ever. Snyk helps you ship software that’s secure, auditable, and globally trusted.

  • Standards-aligned: Support for SBOMs, AIBOMS, international compliance, and NIST-aligned policies
  • Agentic AI security: Governance that scales to GenAI assistants and LLMs—wherever and however they run
  • Broad ecosystem support: Integrates with the open tools your dev teams already use

Whether you’re modernizing legacy systems, launching new GenAI services, or strengthening cross-agency pipelines, Snyk helps federal teams move fast, stay secure, and build trust into every line of code.

? Ready for a tailored AI readiness assessment?
 Let’s talk: federal@snyk.io

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Snyk, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

F5 AI Assistant Expands with iRules Code Generation for BIG-IP Programmability

Posted on by
Reply

Over the last several months, F5 has rolled out purpose-built AI assistants for F5 Distributed Cloud Services and F5 NGINX One. In February at AppWorld 2025 in Las Vegas, we also offered a preview of F5-powered AI assistant functionality specifically designed for F5 BIG-IP customers, centered on iRules code generation. Today, we’re thrilled to share two exciting milestones: we’re bringing together our AI assistants across the F5 Application Delivery and Security Platform, and availability of iRules code generation.

Managing application delivery and security often feels like solving a puzzle with missing pieces. From writing configurations to searching for answers in scattered documentation, these tasks consume time and energy while leaving teams vulnerable to errors and delays. Repetitive processes like debugging and policy tuning sap creativity, and even the most skilled teams inevitably encounter gaps in expertise that slow progress. These challenges are common, but they don’t have to define your workflows. With purpose-built AI-powered intelligence, teams can simplify these complexities with insights and automation designed to supercharge application delivery and security deployments.

Unification across the platform

To deliver exceptional customer experiences across the F5 Application Delivery and Security Platform, we are bringing our AI assistants into a single F5 AI Assistant. With a consistent user experience, SecOps and NetOps teams can better understand their security posture and exploit the wealth of information at their disposal across the entire platform, reducing the operational complexities of their hybrid multicloud environments.

F5 AI Assistant leverages the F5 AI Data Fabric to deliver intelligence powered by proprietary, purpose-built AI models. Unlike general AI tools, the AI Assistant provides domain-specific expertise, offering precise guidance and actionable insights. From generating iRules to optimizing configurations and improving security postures, it drives enterprise-grade accuracy and contextual relevance while reducing complexity. As part of the F5 Application Delivery and Security Platform, the AI Assistant empowers faster decision-making and measurable outcomes for teams managing modern application and security challenges.

F5 AI Assistant provides a single natural language interface across all three product families of BIG-IP, NGINX One, and Distributed Cloud Services within the F5 Application Delivery and Security Platform.

iRules code generation is now available

F5 iRules are the backbone of customization within the BIG-IP ecosystem, empowering teams to tailor their application delivery and security environments to meet unique needs with unmatched precision and flexibility. Over 85% of BIG-IP customers rely on iRules, which power 70% of all BIG-IP instances globally. These dynamic scripts enable deep interaction with traffic, modifying behavior, optimizing routing, and solving challenges beyond standard configurations. However, iRules can be complex, time-intensive, and, in many cases, persist long after their authors have moved on from the company for which they were written. This level of control requires a tool that can match their importance, a tool designed to enhance their creation, use, and management for today’s scaling enterprises.

We’re excited to announce the availability of iRules code generation within the AI Assistant for our BIG-IP customers. This groundbreaking functionality leverages advanced automation with natural language processing, reshaping how teams build and manage iRules. With models trained using F5’s own expertise, including from our engineering and professional services teams, the AI Assistant simplifies the most complex aspects of iRules management by improving accuracy, reducing effort, and enabling faster security and application decisions. From streamlining workflows to eliminating manual processes, it empowers teams to achieve goals with efficiency, scalability, and innovation.

Explore F5 AI Assistant in action supporting the explanation, generation, and optimization of F5 iRules.

Functionality is categorized into three areas—explain, generate, and optimize:

  • Explain: Gain a deeper understanding of iRules with clear, natural language explanations that break down components, logic, and functionality. This capability bridges knowledge gaps, making iRules accessible to users of all expertise levels while providing actionable insights for better decision-making.
  • Generate: Instantly create secure, validated iRules by describing your needs in natural language. The AI Assistant translates your input into tailored scripts, saving valuable time, reducing errors, and accelerating deployments.
  • Optimize: Debug, troubleshoot, and fine-tune iRules with precision and efficiency. The AI Assistant streamlines complex processes, eliminates manual guesswork, and ensures enhanced performance, reliability, and scalability for your BIG-IP environments.
F5 AI Assistant explains, generates, and optimizes iRules, eliminating the manual guesswork.

The introduction of iRules code generation reinforces AI Assistant as your trusted partner for simplifying, innovating, and scaling BIG-IP environments. By eliminating guesswork, it ensures that teams can address vulnerabilities, maintain consistency, and manage traffic configurations swiftly and effectively.

Begin using F5 AI Assistant

To explore F5 AI Assistant for your organization, refer to our press release and the solution overview detailing iRules code generation and the strategic time-saving value the AI Assistant provides.

Also, be sure to catch all the latest F5 AI news on our Accelerate AI webpage.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including F5 we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on F5.com, and is re-published with permission.

How Public Sector Agencies Can Operationalize CISA’s SIEM and SOAR Guidance

Posted on by
Reply

In May 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Australian Cyber Security Centre (ACSC), released new executive guidance to help Public Sector leaders effectively leverage Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. This guidance aims to strengthen agencies’ cybersecurity by enhancing threat detection, response times and operational efficiencies.

Key Challenges in SIEM and SOAR Implementation

SIEM platforms aggregate and analyze telemetry data from multiple sources, including: endpoints, applications, network devices and cloud environments.

SOAR platforms complement SIEM by automating security workflows, significantly speeding up incident response and reducing alert fatigue. When effectively integrated, these tools enable agencies to centralize security monitoring, automate routine response tasks and improve compliance with cybersecurity mandates.

For all organizations, especially Public Sector organizations, SIEM and SOAR are not just technical tools; they are foundational to building a proactive and time-sensitive cybersecurity posture. These platforms can help agencies increase operational efficiency, reduce alert fatigue and drive compliance with Federal and State cybersecurity mandates.

CISA guidance highlights several common challenges that agencies often encounter when implementing SIEM and SOAR platforms. These include the difficulty of normalizing diverse log data across multiple systems, minimizing false positives that overwhelm analysts and managing the high costs associated with implementation. Agencies also struggle to ensure effective executive oversight of security operations and face ongoing challenges in attracting and retaining qualified cybersecurity talent.

Addressing Challenges with Torq Hyperautomation

Torq Hyperautomation™ directly addresses the implementation challenges faced by Public Sector cybersecurity teams by delivering strategic advantages that legacy SOAR platforms cannot. Unlike traditional solutions, Torq integrates seamlessly with existing SIEM tools to normalize and enrich log data, reduce alert noise and improve the clarity of actionable insights. It leverages AI-driven decision-making to automate dynamic incident response workflows, allowing security teams to respond faster and more precisely.

By combining AI-powered decision logic with adaptive response runbooks, Torq enables organizations to overcome the limitations of legacy SOAR, dramatically improving Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). This empowers analysts to focus on critical, high-impact threats rather than getting bogged down by repetitive, routine tasks.

Cost-Effective Automation for Resource-Constrained Agencies

Public Sector agencies struggle with resource constraints, and Torq also delivers cost-effective automation. Instead of requiring deep engineering expertise or lengthy integration cycles, Torq offers:

  • Intuitive, no-code and low-code automation capabilities
  • Seamless integrations with existing Federal, State and Local cybersecurity toolsets (endpoint, identity, cloud, firewall)
  • Rapid implementation timelines, ensuring immediate value and reduced costs

Enhanced Executive Visibility and Compliance

From an executive perspective, Torq addresses a crucial component of the CISA guidance: visibility and oversight. Executive dashboards within the platform provide real-time insights into SOC effectiveness, incident trends and automation impact. This visibility enables better budgeting decisions, more effective KPIs and compliance reporting aligned with key security and compliance frameworks.

Real-World Impact

Torq is already delivering substantial results within Public Sector environments.  Torq has enabled SOC teams to automate ransomware response, consolidate multi-environment telemetry and auto-generate compliance artifacts. Whether an agency is modernizing its cybersecurity stack, preparing for audits or trying to do more with fewer analysts, Torq is built to support their journey.

Agencies leveraging Torq have achieved the following:

  • Up to 90% reduction in investigation time
  • 3-5x increase in alert handling capacity with no added headcount
  • 95% of Tier-1 security cases auto-remediated

Taking the Next Step

CISA’s SIEM and SOAR guidance represents a critical shift from reactive cybersecurity practices toward proactive, integrated and automated security operations. As a trusted partner of Carahsoft, Torq is uniquely positioned to help Public Sector agencies rapidly operationalize this guidance. Torq’s scalable, secure and measurable automation platform ensures agencies not only comply with evolving standards but also stay ahead of modern threats.

To learn how Torq can empower your agency’s cybersecurity strategy, request a demo or explore a tailored pilot use case today.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Torq we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Federation Needs a Backbone

Posted on by
Reply

Identity Security has become the engine behind seamless access. It connects users from different domains, agencies or organizations and lets them move between systems with a single set of credentials. That’s powerful—but it’s also risky when left ungoverned.

Let’s get one thing straight: federation is about access. It answers the question, “Can this person log in?” But it stops short of answering what really matters: “Should they still have access?” “To what?” “For how long?” That’s where governance steps in—and why it must be the foundation under every federated architecture.

The Upside of Federation

Federation simplifies identity. It creates a trust bridge between Identity Providers (IdPs) and Service Providers (SPs). Users authenticate once—via their home IdP like Azure AD or Okta—and access multiple applications without managing new credentials for each.

Benefits include:

  • Single Sign-On (SSO) across domains
  • Centralized control of user authentication
  • Protocol interoperability via standards like SAML, OIDC and WS-Fed

And federation hubs—broker trust between many IdPs and SPs—make it scalable. Instead of dozens of custom integrations, each system plugs into the hub. Clean, efficient and fast. But fast access can become fast failure if you don’t govern it!

Access Governance: The Difference Between Access and Control

Federation gets someone in the door. Governance makes sure they belong there—and ensures they leave when they’re supposed to.

Identity Governance manages the full identity lifecycle: onboarding, role changes, access reviews and deprovisioning. It enforces least privilege, flags risky combinations of access (SoD conflicts) and supports audits and compliance frameworks like NIST, SOX or RMF.

Federation can tell you who authenticated. Governance can tell you:

  • Whether that person should have access
  • What access they have across systems
  • Whether that access aligns with policy
  • How that access changes over time

Together, federation and governance form a complete identity security model. Separately, one is fast—and one is safe.

What Happens Without Governance?

An ungoverned federation hub is a highway with no speed limits, no offramps and no cameras. You’re enabling access at scale without oversight.

Here are the risks:

  • Overprovisioned access – Federation alone doesn’t enforce least privilege.
  • Access creep – Users retain access after job changes or departures.
  • Orphaned accounts – No lifecycle hooks to clean up stale identities.
  • Lack of visibility – No way to see what users can do after logging in.
  • No audit trail – Makes compliance reporting a nightmare.
  • Increased insider threat – Privileged access can persist unchecked.
  • Policy misalignment – SAML or OIDC assertions may carry outdated or unverified attributes.

These risks aren’t theoretical. In Federal and defense sectors, unmanaged federation could mean exposing sensitive systems to users who are no longer cleared, or who’ve quietly shifted roles without access being reviewed.

Governance in Action: SailPoint’s Role

SailPoint is not a federation provider. It’s a governance platform that sits on top of your federation layer, giving you full control over identity lifecycles, policies and risk.

SailPoint integrates with both upstream IdPs and downstream apps accessed via the federation hub. It handles:

  • Identity aggregation and normalization
  • Automated provisioning/deprovisioning
  • Policy enforcement (least privilege, SoD, etc.)
  • Access reviews and certifications
  • Risk scoring and contextual enforcement
  • Audit trails and compliance reporting

This governance layer makes sure your federated access is secure, justified and auditable. It aligns your identity strategy with Zero Trust principles—not just who gets in, but why, how and for how long.

Why Governance Must Come First

It’s tempting to view governance as a bolt-on. Something to “get to later” once federation is up and running. That’s dangerous thinking.

Governance is not optional. It’s the foundation.

Without it, every benefit of federation can turn into a vulnerability. That seamless access? Now it’s frictionless exposure. That fast onboarding? Now it’s risky overreach. And every shortcut you take early on becomes technical debt—if not a breach—down the road.

Real-World Example: Federation in Federal Environments

Take the U.S. Department of Defense. Their Enterprise Federation Hub allows identity brokering across agencies, contractors and civilian orgs. It’s fast and powerful—but governance is what makes it secure.

SailPoint is used alongside this hub to:

  • Enforce ABAC using enriched attributes
  • Automate provisioning to systems like ServiceNow and SAP
  • Conduct quarterly access certifications
  • Supply audit logs for compliance frameworks like FIAR and RMF

Without this layer, the Federation Hub would be a sprawling access point with no brakes, no logs and no cleanup.

Bottom Line

Federation gives you the scale. Governance gives you the safety.

One gets people in. The other makes sure they belong.

If you’re building a federated identity ecosystem—whether in the enterprise or in a multi-agency Government context—start with governance. Don’t wait for audit findings or security incidents to add it later. By then, it’s already too late.

Federation needs a backbone. Governance is it.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Executive Order on Advancing AI in Education: What Government and Education Leaders Need to Know 

Posted on by
Reply

The recent Executive Order-14277 promotes the inclusion of artificial intelligence (AI) in education and is a significant step toward preparing America’s youth for an AI-driven future. Signed on April 23, 2025, this directive establishes a comprehensive framework for integrating AI literacy and proficiency across the educational landscape.  

As schools explore the benefits of AI, Carahsoft and our partners are here to guide and support their journey. Here are the takeaways that we found most important from the recent Executive Order. 

Task Force on Artificial Intelligence Education 

At the center of this Executive Order is the establishment of a White House Task Force on Artificial Intelligence Education. This cross-agency Task Force is chaired by the Director of the Office of Science and Technology Policy, and features executives from various offices and departments, such as the Director of the National Science Foundation (NSF), the Special Advisor for AI and Crypto and the Secretaries of Agriculture, Labor and Education. The Task Force will coordinate Federal efforts to promote AI in education and implement the policy initiatives outlined in the order. 

These include: 

  • Promoting AI literacy in the workforce and education 
  • Training educators in AI usage 
  • Integrating AI into early education 
  • Creating an AI-ready workforce 

This coordinated approach underscores the Federal Government’s commitment to ensuring students develop the skills necessary to thrive in an increasingly AI-driven economy and society.  

Initiatives for Enhancing K-12 AI Education 

With this Executive Order, schools are encouraged to establish partnerships with leading AI industry organizations, academic institutions and nonprofit entities to develop online resources that will teach K-12 students foundational AI literacy and critical thinking skills. Partnerships will be awarded on a rolling basis, with resources expected to be ready for classroom use within 180 days of the first announced partnerships. 

Additionally, within 90 days of the new Executive Order, the Task Force will establish plans for the Presidential Artificial Intelligence Challenge. This challenge celebrates student and educator achievements in AI, fostering collaboration between Government, academia and industry organizations, such as Varsity Tutors, which empowers students through its AI-powered adaptive learning platform, as well as its ability to recommend personalized tutors.  

Prioritizing Teacher Training and Professional Development 

Recognizing that effective AI education depends on well-prepared educators, the Executive Order directs the Secretary of Education to prioritize AI in discretionary grant programs for teacher training, authorized by the Elementary and secondary Act of 1965. This includes professional development focused on: 

  • Reducing time-intensive administrative tasks 
  • Improving teacher training and evaluation 
  • Integrating AI fundamentals across all subject areas 
  • Providing specialized training in computer science 

AI can reduce the burden on teachers by aiding with management. Platforms such as Degree Analytics and Education Analytics both utilize AI and machine learning to analyze student communications and engagement and provide reports to improve student performance and retention. Gaggle can help by alerting educators and parents of potential safety concerns with social media posts and other student communications, aiding educators in managing students. 
 

Additionally, the NSF is directed to prioritize research on AI in education and create teacher training opportunities that help educators effectively integrate AI-based tools in classrooms. There are a wide variety of AI-based tools for educators to choose from. Nuventive, for example, offers performance improvement platforms with AI-powered analytics for strategic planning in education. YuJa integrates AI for video captioning, analytics and engagement tools, and Turnitin helps educators detect plagiarism and writing patterns. PowerNotes, Docebo and Instructure (a Canvas platform) all feature organizational and learning enhancements for students. Docebo and Instructure (a Canvas platform) all feature organizational and learning enhancements for students. 

The Executive Order extends beyond K-12 education to address workforce development through AI-related Registered Apprenticeships. The Secretary of Labor is directed to increase participation in these programs by establishing specific growth goals with existing discretionary funds in order to support the creation of nationwide program standards. 

Building an AI-Ready Workforce Through Apprenticeships 

States and grantees are also encouraged to use Workforce Innovation and Opportunity Act (WIOA) funding to support AI-based learning opportunities. This component of the Executive Order creates significant potential for collaboration between education institutions, Government agencies and industry partners to develop comprehensive AI workforce development pathways. Some industry partners who have already begun integrating AI for workforce development initiatives are Education Technology, Services and Research (EAB), which uses AI to support student success, and YouScience, which maximizes student success by using AI to analyze a student’s interest and aptitudes and match them with academic pathways.   

The Path Forward 

Educational institutions and Government agencies seeking to capitalize on the opportunities laid out in Executive Order “Advancing Artificial Intelligence Education for American Youth” should begin planning now. Industry tie-ins can enhance education and learning, such as Udemy, which offers content recommendations and delivers AI course content, Invoke Learning, Inc., which leverages AI and data science to improve student outcomes and institution decision-making and Impero Software, which offers AI monitoring features for safeguarding and classroom management. Industry aid can go beyond K-12 education, too. Element451, for example, promotes student engagement and enrollment management in higher education.  

Carahsoft and our ecosystem of technology partners are ready to support this national effort to prepare America’s youth for an AI-driven future. Through our extensive contract vehicles and specialized AI solutions designed for educational environments, we provide the tools and expertise needed to implement the vision outlined in this landmark Executive Order. 

To learn how Carahsoft can help your organization implement the vision laid out in the Executive Order on Advancing AI Education, visit our comprehensive portfolio of AI solutions and discover how our trusted vendors can accelerate your institution’s AI-education initiatives today.