Tag Archives: Department of Defense

Modernizing the Department of Defense’s Authorization to Operate Process For Agility

Posted on by
Reply

What is the National Defense Authorization Act?

Since 1961, the National Defense Authorization Act (NDAA) has authorized funding levels and provided authorities for the U.S. military and other critical defense priorities, ensuring America’s forces have the resources they need to carry out their missions.


Authority to Operate

A barrier that exists for technology companies is obtaining an Authorization to Operate (ATO) for their software applications, services, and or platform capabilities. The ATO process can be challenging, tedious, and unpredictable, with varying costs and timelines. This process is particularly cumbersome and incongruent with the dynamic nature of software deployment. Once the ATO hurdle is cleared, technology companies face their next challenge: continuous monitoring and associated updates. Every major software update must be run through a compliance process. This poses significant challenges for both the software company and the government end-user. It prohibits the timely and continuous resolution of issues and prevents the government from leveraging the latest and most cutting-edge version of an application.

“Presumptive reciprocity” in the context of the National Defense Authorization Act (NDAA) refers to a provision mandating that if one Department of Defense (DoD) authorizing official has approved a cloud-based platform or service as secure, then other DoD officials should automatically accept that assessment without needing to conduct a separate review. Presumptive reciprocity helps lighten the ATO burden and was recently reinforced in Section 1522 of the FY25 NDAA. Enabling another DoD organization to take an ATO for their software application, services, and or platforms from the Air Force Authorizing Official, for example, and having it accepted by the Navy’s Authorizing Official, greatly reduces the burden on both government accrediting officials and the technology company.  Most importantly, the DoD warfighter wins by gaining access to best-in-class capabilities delivered at the speed of relevance, ensuring they can execute their missions effectively.

Second Front Systems DoD Authorization to Operate Blog Chart Image 2025


FY2025 NATIONAL DEFENSE AUTHORIZATION ACT (NDAA) SEC. 1522.

What does the language in Sec. 1522 of the FY25 NDAA on DoD Presumptive Reciprocity entail?

  • Tasks the DoD Chief Information Officer (CIO) to work with Military Department CIOs to develop and regularly maintain a digital directory of all Authorizing Officials (AOs) across the DoD. Specifically, this database will contain current contact information of the AOs AND list training requirements that must be completed to be certified and perform the duties of an AO.
  • Identifies the need to establish a policy for “Presumption of Reciprocal Software Accrediting Standards.” The DoD CIO is tasked with creating and implementing a policy for DoD that would require AOs to adopt security analysis and supporting documentation of cloud-hosted platforms, services, or applications that have been approved by another AO in the DoD.
    • This policy change will allow for more rapid adoption of cloud-hosted platforms, services, or applications at the corresponding classification level (e.g., CUI, Secret, Top Secret) with the existing approval conditions and no further authorization or approval reviews required.
    • The policy will include the following:
      • Standardization of security, accreditation, performance, and operational capabilities of the cloud-hosted platforms, services, and applications;
      • A digital workflow to document acceptance by/among the mission owners and system owners to use the operational capabilities from the cloud-hosted platforms, services, and applications;  and
      • Define an adjudication process with associated timelines that would allow AOs that disagree with using this policy to present their rationale to the DoD CIO or designated entity for reconciliation.
    • The policy applies to the following:
      • ALL AOs in the DoD (Military Department, Defense Agency and Field Activity, and Component).
      • ALL operational capabilities of cloud-hosted platforms, services, and applications that are on public cloud infrastructure and authorized through FedRAMP and DISA AND capabilities in private cloud landing zones managed by the DoD that have been approved by DoD AOs.

The big take away here is that the FY25 NDAA language marks a significant step forward in reducing bureaucratic hurdles for both technology companies and the DoD. By implementing “presumptive reciprocity,” the NDAA streamlines the ATO process, enabling faster adoption of cloud-hosted platforms and services while maintaining rigorous security standards. This policy helps ensure that the DoD can access cutting-edge technology more efficiently, empowering warfighters with the tools they need to execute their missions with speed and precision. As the DoD continues to modernize and adapt to rapidly evolving technologies, these changes pave the way for a more agile, secure, and effective defense ecosystem.


To learn more about Second Front Systems and the National Defense Authorization Act, visit our website and keep up with our latest efforts with the DoD.


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Second Front Systems, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Navy Customer Executive: WEST 2025: Top 10 Insights on AI, Cybersecurity and More

Posted on by
Reply

Government leaders, military officials and industry professionals gathered at AFCEA’s WEST 2025 conference to discuss the newest technologies, modern networking capabilities and cybersecurity initiatives that enhance operations within the Sea Services. As a technology provider for the Department of Defense (DoD) and industry experts affiliated with the Navy, Carahsoft and its partners are deeply aligned with the goals of the Navy and Sea Services and is committed to providing mission-critical technologies to keep the country safe. Carahsoft and over 90 of our partners, including Adobe, Appgate, Crowdstrike, Docusign, HashiCorp, Hitachi, Qualys and WIZ joined at WEST 2025 to showcase solutions in artificial intelligence (AI), cybersecurity, DevSecOps, Zero Trust and more.  

Check out the action from San Diego, California in our West 2025 recap video!

Here are the top ten insights for the technology industry and Government from this year’s conference.  

1. Artificial Intelligence (AI) in the U.S. Navy

There are many opportunities for AI in the Navy, such as the OpenShip Tool and its usage of OpenAI’s Whisper model to translate incoming communications through the Navy’s Very High Frequency (VHF) radios. Remote monitoring can detect issues with technology and support rapid troubleshooting. AI can also be used to predict turnaround time, helping the workforce choose when to prioritize projects and deliver items on time.  

AI can simplify operations. PMS 406 unmanned Maritime Systems runs the Unmanned Maritime Autonomy Architecture (UMAA), whose architecture creates a low barrier of entry for operation. With AI, update 6.0 of the UMAA and the Navy’s “Replicator initiative,” which works to field hundreds of autonomous systems by August 2025,” every soldier could operate a drone.  

In the session “Fleet AI Deployment,” Lieutenant Artem Sherbinin, the Chief Technology Officer for the U.S. Navy ‘s Task Force Hopper, reviewed the three priority areas for the Navy’s AI usage, which are to: 

  • Outthink adversaries 
  • Enhance administrative work 
  • Maintain goal of keeping 80% of combat surge-ready fleet 

By using AI capabilities, the Navy can empower its acquisition force to act efficiently and quickly. Lieutenant Sherbinin also discussed two upcoming projects. Navy warships produce 150TB of data per warship per day. To manage this massive volume of data, the Navy is building a Warfighting Data and AI Ecosystem. This tool’s requirements are being drafted and will be submitted in the upcoming fiscal year, but currently include components such as data extraction, data processing and sensor updates to ships underway. Vendors should keep an eye out for pre-RFPs and RFI opportunities surrounding this capability.  The second project is a new Commercial Solutions Offering (CSO), the Surface Lethality CSO. This soon to be released solution will be released through the Defense Innovation Unit on AI for Surface Lethality, and will expedite decision-making and enable the Navy to keep ahead of adversaries.  

2. Red Teaming to Improve Cybersecurity

In the session “Leveraging Cloud to Accelerate Unmanned and Autonomous System (UAS) Mission Critical Capabilities,” Allen Mcafee, CTO of Fuse Integration, discussed the desire to increase red teaming—a process for testing cybersecurity by having allied hackers conduct non-threatening breaches—amongst autonomous systems to increase the robust quality of existing programs, especially in the electronic and kinetic fields. Vendors that specialize in cybersecurity solutions for autonomous systems should offer red team services to help solidify UAS security.  

3. The Importance of Maritime Trade to Cybersecurity

In the session “Office of Naval Intelligence Brief,” Rear Admiral Mike Brooks, Commander of the Office of Naval Intelligence (ONI), spoke heavily on the criticality of maritime trade and the effect it has on the posture of the Navy. Chokeholds on shipping ports can hinder the economy, and so ONI is placing further emphasis on gathering intelligence in this area to preserve supply chains.   

4. DISA’s New Cloud-Based Mission Partner Environment

To address logistic challenges, the Defense Information Systems Agency (DISA) developed a mission partner environment within the cloud. This tool acts as a joint sustainment decision tool and will feature an application hosting platform. DISA will initially host this environment, but is looking for commercial partners to host the platform and ensure its accessibility to all allies and partners. 

5. Business Initiatives

The Navy has upgraded its approach to doing business, releasing its Information Superiority Vision (ISV) 2.0. In the initial version, the Navy’s framework for business was “Modernize, Innovate and Defend.” The 2.0 System is: 

Optimize – IT teams can integrate new systems and turn off outdated ones 

Secure – Personnel should think proactively in the design phase, rather than the more reactive “defend” 

Decide – Staff places data into the hands of people who need it 

This new system focuses on being proactive and innovative, integrating a focus on the workforce. Vendors should determine how their solutions fit into one or more of these pillars when marketing their technology and solutions. 

Carahsoft WEST 2025 Blog Embedded Image 2025

The Navy can learn from all types of industries and technology. Former Commander of the U.S. Pacific Command and Former Ambassador to the Republic of South Korea Admiral Harry B. Harris Jr. recounts an example from the 1930s where the Marine Corps struggled to field a landing craft. The solution came from examining a small civilian craft in the local area, showcasing a “Higgins Boat Moment” where the Marine Corps were able to learn from civilian technologies, highlighting the importance of dual-use technology that is prioritized by the DoD. 

Business is fulfilled when employees have bandwidth. In the session “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain Kevin White of the PEO C4I PMW/A 170 Navy Communications and GPS Navigation Program discussed how bandwidth can fall into three different categories: morale, business applications and tactical services. When sailors have excellent bandwidth for morale and business applications, they are more efficient tactically.  

The DoD is working on a portal that provides information and education on Small Business Innovation Research (SBIR) and Small Business Technology Transfer (SBTT) programs. This portal assists in creating effective proposals and understanding language and resources. This page, while accessible, is still in development and will continue to be fleshed out in the upcoming weeks.   

6. Renewing Technology

In the session “I’m charged with Putting a Flux Capacitor in a 1995 Mazda,” Brigadier General of the U.S. Marine Corps and Commanding General of the Marine Corps Installations West Nick I. Brown mentions that whether it is power systems or IT, infrastructure needs to be in place to accept new technology. Much of the DoD’s infrastructure is build on legacy systems or is out of date and needs to be replaced or upgraded before advanced solutions can be put in place. The U.S. Marine Corps is looking for vendors to help with new technology instillations and upgrading existing infrastructure, especially on the West coast. The U.S. Navy is allocating funds to achieve similar goals.  It aims to improve its outdated infrastructure and systems to carry out technology initiatives by the Program Executive Office Digital and support the Navy’s culture of excellence.  

In the session “Why Have a Lambo if You Don’t Have the Road?”, Col. Jared Voneida discussed five major areas that DISA is working on: 

  • Building commercial and Government data centers 
  • Improving theater transport and host nation infrastructure 
  • Fortifying existing cybersecurity infrastructure and Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM) 
  • Maintaining command and control of the network 
  • Completing initiatives by 2027 

The Colonel also emphasized the need to divest from legacy time division multiplexing (TDM) infrastructure. While AI and machine learning (ML) has a plethora of uses, until AI/ML software divests from TDM infrastructure, DISA cannot utilize it effectively to assist with their network and data. With updated networks and hardware in place, the Navy and DoD can utilize the newest advanced solutions.  

7. IT at the Center of the Workforce 

To meet the rising demand in recruitment, the Navy has released its new enlisting agent, Robotics Warfare Specialist. With cybersecurity being more at the center of safety, the Navy aims to train more sailors in IT. Additionally, the Navy has released a new enlisted rating, Robotics Warfare Specialist, a new job that helps ensure effective planning and control of autonomous systems.  

8. Improving Productivity by Decreasing Troubleshooting

IT and software issues can lead to lost productivity. RAND Corporation, a research and development nonprofit, recently released a report regarding the viral LinkedIn post “Fix Our Computers” that highlighted user experience challenges with IT systems in the DoD. Their report estimated, on the conservative side, $2.5 billion in lost productivity due to IT and software difficulties.  The Sea Services aim to increase the user friendliness of software to decrease the time lost to troubleshooting. In the sessions “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain White of the U.S. Navy attributed the largest productivity gaps to IT teams relying on command line programing. Captain White encourages industries to develop more user-friendly systems that do not rely on command lines.   

9. Compliance is No Longer Enough

In the session “DON CIO Perspective,” Navy CIO Jane Rathbun states that while Authority to Operate (ATO) tells you how secure a system is at that point in time, it does not encourage the readiness mindset that is optimal for protecting cybersecurity. Rathbun encourages switching to continuous monitoring and authorizations of systems, rather than stopping at ATO compliance. Rathbun specifically noted threat analysis and continuous monitoring as areas vendors might be assessed on in the future.  

10. DevSecOps Products that Improve Marine Corps Productivity 

The Marine Corps showcased 11 different products manufactured by the software factory product line related to development, security and operations (DevSecOps).  

Check out details on the products below: 

  • MyCareer – Supports the Manpower Management Enlisted Assignments (MMEA) and aids Marines by monitoring conversations, providing a virtual queue and matching partners based on data on marine preferences 
  • ItemEyes – Provides marine units with a digitized inventory 
  • Sensor Processing Analysis Radar Translation Application (SPARTA) – Hosts data from radar, automatic identification system (AIS) and unmanned systems all in one user-friendly interface 
  • CRUSADER – Controls, processes and detects radar information in one easy to use library 
  • Real-time Alerting, Interference Detection & Electromagnetic Reporting (RAIDER) – Provides real-time alerts for anomalies detected in the electromagnetic spectrum 
  • All-domain Electromagnetic and Radio Organic Trainer (AeroT) Helps Marines simulate and visualize their electromagnetic signature 
  • EXODUS – Provides evacuees located abroad with personal services, such as mobile passport processing 
  • TAK Design System – Helps Marines navigate and build plugins for Tactical Assault Kit (TAK) 
  • ReserveHub Enables Marines to find ideal areas when relocating, boosting retention rates 
  • SnapDB Analyzes pictures taken by unmanned aerial systems (UAS) 
  • J-Series Message Library, Government Open-Source (JSML) – Translates code into J-Series 

Through the developing partnerships between the technology industry and Government as well as Carahsoft and our partners, the DoD can streamline in areas such as artificial intelligence, cybersecurity, DevSecOps, compliance and more. These insights from West 2025 illustrate the Navy and Sea Service’s commitment to continual innovation and maintaining the safety of the nation.  

To learn more about cybersecurity and the defense industry, visit Carahsoft’s defense portfolio to explore solutions showcased at AFCEA’s WEST 2025. For additional research into the key takeaways industry and Government leaders presented at WEST, view Carahsoft’s extensive market research brief for a recap.  

CMMC Program Executive: How Defense Industrial Base Organizations Can Prepare for the CMMC Program

Posted on by
Reply

The New CMMC Rule 

The security of each organization that supplies goods or services to the Department of Defense (DoD) is of vital importance to the nation’s cyber resilience. The CMMC Program is a part of a holistic initiative by the DoD and Federal Government to enforce cybersecurity standards for DoD contractors and subcontractors and increase supply chain visibility and resilience overall. FedRAMP has increased the security levels of Cloud Service Providers (CSPs) and Software as a Service (SaaS) companies in the technology supply chain. Within the DoD supply chain, CMMC encourages DIB organizations to raise their cyber maturity and resilience. The Code of Federal Regulations (CFR) Title 32 rule passed its 60-day Congressional review on December 16, 2024, officially launching the new Cybersecurity Maturity Model Certification (CMMC) Program. The last remaining step to operationalizing CMMC is the CFR Title 48 rule, which will allow the Government to implement CMMC requirements into contracts and is estimated to launch this year. Defense Industrial Base (DIB) organizations will begin to see CMMC requirements in their contracts with the DoD and related agencies and must be prepared to demonstrate their compliance with the new regulations.  

In the latest version, DOD contracts will require one of three cyber maturity levels for all prime or subcontractor organizations under a given contract.  During Phase One of the program rollout, DIB organizations will need to provide a self-assessment of their relevant maturity level for the contracts they desire. Then in Phase Two, estimated to begin in 2026, maturity level two contracts will require assessments conducted by a third-party Cyber AB approved C3PAO.  The program will be completely rolled out over four phases.   


Gaining CMMC Compliance 

It will be vital for all organizations to have the relevant level of cyber maturity so that they can continue delivering work, goods and services to the DoD. Whether they are the prime contractor or a subcontractor, defense contractors should expect to see CMMC requirements in their contracts. Prime contractors will pass the maturity level requirements down to subcontractors as a condition of receiving sub-contract work.  

Carahsoft CMMC Rule for DIB Organizations Blog Embedded Image 2025

Since the DoD first announced the CMMC Program, it has been building momentum and communicating the framework of the Program to DIB organizations. While there have been minor changes, the core of the framework has remained consistent over the past four years. DIB organizations that have not begun working on compliance should start immediately so they can deliver a self-assessment in early 2025 or a third-party audit in 2026 if they are a level two contractor. With the limited supply of C3PAOs and CMMC assessors, there will likely be a supply shortage resulting in back logs for scheduling a CMMC assessment. Furthermore, organizations looking to utilize external service providers (ESPs) need to engage with those companies early, as there is a limited supply of available compliant options. Ultimately, gaining CMMC compliance is a critical national security mission. With cyber security and data becoming more paramount to the strength of a nation, protecting the data that resides outside DoD firewalls on contractor networks is imperative. 


Changes to the Contracting World 

CMMC encourages DIB organizations to raise their cyber maturity and resilience. Many DIB customers have begun with self-assessments, engaged with consultants for gap assessments and migrated to Government cloud products. This trend has spread to the civilian side of the Federal Government, as well as to American allies, who have discussed or announced mandatory certification programs modeled on National Institute of Standards and Technology (NIST) standards. But for some small and medium sized businesses, cost is a barrier to gaining CMMC compliance, especially for level two or above. The defense industry has responded to that challenge by innovating and developing more offerings for advisory and consulting services, managed services and purpose-built technology that will help companies accelerate their CMMC journey. This expansion of choice allows for a more ideal fit for each individual company based on its unique environment, considering factors such as in-house talent, available resources and budget.  

It is not just prime contractors that must have the appropriate CMMC certification, but subcontractors as well. They will need the same CMMC maturity level as their prime contractor before storing or processing any Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) as part of a contract delivery. To maintain competitiveness, subcontractors will need to achieve CMMC compliance of their own.  Ultimately, the prime will be responsible for validating the CMMC maturity level of their subcontractors and will need to put in place a process to do so.  

Ultimately, CMMC compliance is a vital contribution to the security of Federal data. Whether an organization is beginning to research CMMC, scoping out the boundaries of their CUI environment, or preparing to remediate the gaps to full compliance, it is a good time to start thinking about CMMC compliance.  


How Carahsoft Can Help 

Carahsoft is a proud part of the cybersecurity industry and the CMMC ecosystem. Gaining CMMC compliance can be a costly and time-consuming process; Carahsoft can guide your organization through all the available options and help make decisions that are best suited to meet your organization’s unique needs. As a value added reseller that represents over 200 cybersecurity technology vendors, and with over 1000 team members focused on our wide breadth of cyber offerings, Carahsoft can support DIB organizations in addressing every CMMC maturity level and capability domain. Carahsoft can foster connections with service providers, subject matter experts and advisory consultants that can help organizations prepare for or execute a CMMC assessment. By tracking policies and trends that align with customer needs, Carahsoft can pair your organization with the right technology to address your needs, as well as offer news, educational material, events and other resources to make an informed decision for CMMC compliance.  

To learn more about gaining CMMC compliance, visit Carahsoft’s CMMC Compliant Products and Services portfolio 

Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

Posted on by
Reply

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.


Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

  • Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
  • Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
  • Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image
  • Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
  • Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
  • Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
  • Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
  • Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

  • Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
  • Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
  • Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

  • Enhanced security through continuous evaluation and dynamic risk mitigation.
  • Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
  • Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.


To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

Posted on by
Reply

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

  • Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
  • Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

  • Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
  • Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

  • Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
  • Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
  • Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

  • Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
  • Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

  • Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
  • Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
  • Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

  • Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
  • Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
  • Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

  • Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
  • Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
  • Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Join Fellow Change Agents and Innovators at Prodacity 2025

Posted on by
Reply

With change on the horizon, Federal organizations are re-evaluating legacy processes for software development in order to deliver new and better software to Americans. They’re taking bold action and transforming organizations into continuous software delivery innovators. 

In honor of these government IT change agents, Rise8 is hosting Prodacity 2025 in Nashville, TN on February 4-6. Over three days, Prodacity will bring together technology leaders at every level to learn, discuss, experiment, problem-solve and build transformative solutions that change constituents’ lives. 

The agenda for Prodacity 2025 is packed with expert-led sessions and practical insights tailored to give attendees a complete perspective on effectively implementing continuous delivery. Software development requires more than development expertise; it calls for strategic thinking, an understanding of culture, sound governance and product management skills. Prodacity 2025 attendees will learn about and experience all this and more.  

Each day will focus on different phases of continuous delivery. On day one, attendees will learn about setting a strategic direction for continuous innovation. Day two will be all about mastering tactics for continuous improvement. On day three, attendees will identify where to start with practical steps to drive transformation. 

Speaking of Transformation 

Prodacity 2025 will feature an impressive lineup of speakers from both the private and public sectors. Notable speakers include: 

  • KEYNOTE: Barry O’Reilly, entrepreneur, business advisor and author – Barry is an expert on model innovation, product development, cultural transformation and organization design. At Prodacity 2025, he will speak on why we need a system for unlearning. He co-founded Nobody Studios, a venture studio to create 100 compelling companies over the next five years. His bestselling book, Lean Enterprise: How High-Performance Organizations Innovate at Scale, is the subject of a pre-conference book club. 
  • Justin Fanelli – Mr. Justin Fanelli is the Acting CTO for the Department of Navy and Technical Director of PEO Digital, driving mission-critical IT transformations and cost-efficient innovations. He has held key roles including Chief Data Architect for Defense Health and Technical Director for Navy MPTE, earning accolades like the Etter Award for impactful service delivery and multi-billion-dollar cost savings. A DARPA Service Chiefs Fellow, he has led groundbreaking advancements in healthcare data systems and Navy enterprise solutions. Outside work, Mr. Fanelli teaches at Georgetown, advises startups and contributes to nonprofits like TechImpact.  
  • Paul ContoverosMr. Paul Controveros is the Chief of the Combat Force Enhancement Division at Space Operations Command in the for the U.S. Space Force where he leads all support to Deltas’ Combat Development Teams and Supra Coders. He also leads a team of professional software developers charged with delivering digital tools to the force. Upon retiring from the USAF with 26 years of military service, Mr. Contoveros worked as a contractor supporting the HQ AFSPC S5/9 Advanced Capabilities Team, which morphed into the Directorate of Innovation upon the standup of HQ SpOC. In this role he created the monthly Delta Innovation Collaboration Exchange (DICE), authored the Accelerated Delta Innovation Process (ADIP) and co-authored the command’s first ever, nearly completed, Innovation Operations Instruction. Mr. Contoveros joined the government team in July of 2023 as Director of Innovation, re-branded as the Combat Enhancement Division as part of the SpOC re-organization in 2024. 
  • Alistair Croll, author, founder and chair – Alistair is the author of Lean Analytics, widely considered required reading for startups and Just Evil Enough. He is also the chair of FWD50, a growing community of policymakers, technologists and civic innovators. Drawing on his experience as the builder of web performance pioneer Coradiant and Year One Labs incubator, Alistair will educate Prodacity attendees on MVPs for enterprises.  
  • Edward Hieatt, Mechanical Orchard – Edward serves as Chief Customer Officer, helping enterprises overcome legacy modernization challenges. As a seasoned software engineer, Edward previously worked at Pivotal Labs and played a significant role in its growth, leading the rapid expansion of the technical field organization. His Prodacity talk will provide attendees with a perspective on real continuous delivery.  

Join us at Prodacity 

Carahsoft is thrilled to sponsor Prodacity 2025. We look forward to working alongside the speakers, representatives, attendees and all change agents seeking to disrupt government technology’s status quo. 

Please join us February 4-6, 2025, in Nashville, TN. Learn more and register here. Prodacity will be unlike any other government event you’ve attended—it is the GovTech symposium of the year. 

The Role of Identity Governance in the Implementation of DoD Instruction 8520.04

Posted on by
Reply

On September 3, 2024, The Department of Defense (DoD) released Instruction 8520.04, titled “Access Management for DoD Information Systems,” that serves as a foundational policy guiding the secure and efficient management of access to DoD information systems. The instruction mandates protocols for managing access across various environments, including military networks and systems used by both person entities (PEs) and non-person entities (NPEs) such as devices, applications, and automated processes. At the core of this policy is the principle of identity governance, which is essential for ensuring that access to sensitive systems and data is granted, monitored, and revoked based on verified identity attributes and defined security policies.

In the dynamic cybersecurity landscape, the concept of identity governance refers to the frameworks and processes that manage the lifecycle of digital identities. This includes the creation, management, and deletion of user accounts as well as the provisioning and de-provisioning of access rights based on a combination of user attributes, roles, and organizational policies. Identity governance is critical for compliance with the DoD’s Zero Trust Architecture, as outlined in the DoD Zero Trust Strategy. It emphasizes least privilege, continuous verification, and dynamic access control, all of which are key components of DoD Instruction 8520.04​.

The policy serves as maturation of the departments ICAM initiatives over the past few years and highlights some key concepts that need to be adopted across the departments ecosystem. Here are some key examples of how identity governance aligns with and strengthens this policy:

1. Access Control and Provisioning

One of the primary elements of identity governance is the effective provisioning and de-provisioning of access. This aligns with Section 4 of DoD Instruction 8520.04, which mandates that access to systems be carefully controlled through explicit or dynamic mechanisms. Explicit access involves manually provisioning access rights to specific users, which must be meticulously documented and approved by system or resource owners. On the other hand, dynamic access relies on real-time attribute verification to grant or deny access based on the most current information available, such as the user’s role, location, or security clearance​.

SailPoint Identity Governance for the DoD Blog Embedded Image 2024

Identity governance solutions play a crucial role in these processes by automating provisioning and de-provisioning based on predefined policies. When a user’s role changes or they leave the organization, governance systems automatically adjust access rights, ensuring compliance with de-provisioning requirements. This automatic adjustment helps prevent orphaned accounts—user accounts that are no longer needed or authorized—which can pose serious security risks if left unmanaged.

2. Authoritative Attribute Services

DoD Instruction 8520.04 emphasizes the importance of authoritative attribute services (AAS) in maintaining the accuracy, integrity, and security of identity attributes used in dynamic access decisions. Identity governance frameworks are designed to integrate with these authoritative services, ensuring that identity attributes such as security clearance levels, employment status, and role-based entitlements are accurate and up-to-date. This enables the DoD to enforce dynamic access control based on real-time identity data​.

For example, a DoD system that relies on dynamic access might check a user’s current security clearance, job function, or location in real time before granting access to a sensitive file or system, or assign a critical role. These checks are enabled by robust identity governance systems that pull data from authoritative attribute services and apply organizational policies to ensure that access is only granted to those who are fully authorized and meet the predefined criteria.

3. Least Privilege and Separation of Duties (SoD)

The concept of least privilege—granting users the minimum level of access necessary to perform their duties—is another foundational principle of both identity governance and DoD Instruction 8520.04. In Section 4.2 of the instruction, system and IT resource owners are required to document and implement explicit access policies that adhere to least privilege standards. Furthermore, systems must implement SoD controls to prevent a single user from having conflicting roles, such as both creating and approving financial transactions​.

Identity governance frameworks are uniquely equipped to manage SoD by automating the assignment of roles and enforcing policies that prevent users from being granted conflicting privileges. Governance solutions continuously monitor user access and provide alerts if SoD violations occur. By integrating these capabilities with the DoD’s access management protocols, identity governance helps ensure that users cannot escalate their privileges or circumvent access controls, thereby reducing the risk of insider threats and security breaches.

4. Continuous Auditing and Compliance

Continuous auditing and monitoring of user access is a critical requirement under DoD Instruction 8520.04, particularly for privileged users. Identity governance solutions enable DoD components to implement robust audit trails that track every access request, change in privileges, and system interaction. This is particularly important for IT privileged users—those with elevated access to critical systems and sensitive data—who require enhanced monitoring to detect and respond to suspicious activity​.

Through the use of identity governance tools, DoD organizations can enforce periodic access reviews, as mandated by the instruction, to ensure that users only have the access they need and that privileged access is justified and properly documented. These reviews are automated and documented within governance systems, reducing the manual workload on administrators and enhancing the overall security posture by ensuring compliance with regulatory requirements.

5. Integration with Zero Trust Architecture

The DoD Zero Trust Strategy emphasizes the need for continuous verification of users and devices as they request access to systems and data, rather than assuming trust based on their presence inside the network perimeter. Identity governance systems are integral to the implementation of Zero Trust principles within the DoD, as they enable real-time verification of identity attributes and ensure that access is granted only after all conditions are met​.

For instance, an identity governance system might check not only a user’s identity but also their security status, the network they are using, and the time of the access request before enabling access to sensitive data. This multi-layered approach to access control ensures that even if one security measure is compromised, others are in place to protect critical resources.

In Conclusion

Identity governance is a foundational element of the DoD’s efforts to secure access to information systems under DoD Instruction 8520.04. By providing a structured approach to managing digital identities, provisioning access, enforcing least privilege and separation of duties, and maintaining continuous auditing and compliance, identity governance systems enable the DoD to meet the stringent security requirements laid out in the instruction. Furthermore, identity governance is a critical enabler of the DoD’s shift toward a Zero Trust Architecture, ensuring that access to sensitive systems is dynamically controlled based on real-time identity attributes and organizational policies.

As cyber threats continue to evolve, the integration of identity governance with access management protocols like those found in DoD Instruction 8520.04 will be crucial in maintaining the security and integrity of the DoD’s information systems and the data they protect.

For a details of how SailPoint Identity Security supports the departments current ICAM and Zero Trust initiatives, and specifically how the capabilities of the platform align with the requirements of the policy, please download the report here.

The Evolution of Technology in the Defense Industry at DoDIIS

Posted on by
Reply

Innovation in Government benefits the changing and growing needs of the nation, and the Department of Defense (DoD) leads the way in both innovation and security. The Department of Defense Intelligence Information System (DoDIIS) is a conference for the nation’s top military and technology specialists to share insights revolving around the show’s theme – ‘Chaos to Clarity: Leveraging Emerging Technologies.’ Fed Gov Today joined Carahsoft on the show floor to discuss IT and OT updates, artificial intelligence (AI) and machine learning (ML) and priority technology updates with military thought leaders.

Departmental Shift to Information Technology

Carahsoft DoDIIS Defense Recap Blog 2023 Embedded Image 2024The DoD aims to refresh technology and standardize user experience across the department as a response to employee feedback. These standards are partially inspired by Zero Trust models and codifying existing standards. Through the implementation of office management and hiring defense digital service experts, agencies will update hardware and endpoints, refresh outdated technology and enhance overall IT capabilities. Executing these standards will require time and financial resources, and to properly utilize all acquired resources, a new generation of industry professionals will need to be onboarded. By building off effective processes from previous initiatives and hiring new talent that is optimally suited for these processes, the department can make strides in software such as cloud computing, generative AI and Zero Trust. The introduction of the Joint Operational Edge Cloud (JOEC) is also critical in accelerating cloud computing for combat tactical edge usage during the interim shifts in technology. At record speeds, the DoD must move from hardware defined enterprise towards modifying software.

AI Evolution

While AI is in its infancy, prototypes show a promising and interesting future where machines are trained to complete work. With more than 1,200 AI applications across civilian agencies, and various similarities and differences in the way AI is used by Government and commercial agencies, there is a lot the Federal sphere can learn from commercial agencies. In the private sector, companies tend to build back-end architecture for AI, providing fast access to all data. The Federal Government can optimize this plan by automating AI/ML to gain tactical advantage against machine adversaries. AI can also aid in predicting component failure. This helps agencies get hardware and software back on track as soon as possible, as well as help with mission planning. The private sector offers a myriad of ideas the Government can leverage for efficiency, such as AI in healthcare, sustainable energy and creative component and finance management.

DIA Initiatives

The Defense Intelligence Agency (DIA), a service provider on behalf of the defense industry, has a comprehensive IT strategy made up of five key priorities:

  1. Among both classified and unclassified networks, the DoD should implement top secret connection.
  2. With the transition to working from home, employers must enable workplace inclusivity through technology, especially for employees with disabilities.
  3. Enable workers to access data applications from one fully integrated place by consolidating network systems, such as desktop environments.
  4. As internally shared information becomes more complex, the DIA must update technology to strengthen intelligence sharing.
  5. Authorize worldwide connectivity for the Joint Worldwide Intelligence Communications System (JWICS), the DoD’s house for sensitive information. This means a reliable and secure connection regardless of environment and its proximity to data centers.

By maintaining pace with world class technology such as the cloud and AI, the DoD will lead the nation in secure communication and strategies.

Check our more resources, interviews and highlights from the event floor at DoDIIS at FedGovToday.com.

Revolutionizing Communication with 5G

Posted on by
Reply

As technology progresses, communication is revolutionized worldwide. To maintain pace with cybersecurity and technology standards, the United States Government can utilize the transformative features of 5G, the fifth-generation global wireless technology standard for cellular networks.

Transforming Network Standards with O-RAN

With the development of Open Radio Access Networks (O-RAN,) a feature that allows interoperability between cellular network equipment providers, the development and integration of 5G has greatly expanded. The role of O-RAN has important applications in the Department of Defense (DoD), whose goal is to promote national and economic security. By integrating 5G networks into the defense sector, different departments can quickly communicate with each other. With the usage of O-RAN and 5G combined, agencies have a much larger, diverse ecosystem of vendors to choose from.

As with any new feature, there are costs to the implementation process. In the 2021 National Defense Authorization Act, Congress put aside $1.5 billion dollars which is being utilized to develop a unified vision and strategy towards O-RAN and 5G. The congressional statutory language calls out seven big-picture objectives, most of which are centered around promoting the deployment of 5G. These are to:

  1. Add network virtualization
  2. Authorize new security features
  3. Accelerate the development of technology
  4. Promoting the deployment of 5G within the DoD
  5. Develop standards to enable a multi-vendor ecosystem
  6. Create open, interoperable telecommunication networks
  7. Allow interoperability to manage multi-vendor situations

While the act provides ten years to carry out its strategy, these standards should be added as soon as possible due to the fast-paced development of technology.

Aiding the DoD

Carahsoft 5G Summit Recap Blog Embedded Image 2023The DoD and 5G form a mutually beneficial relationship. 5G is created with security built in, so an investment in 5G is an investment in cybersecurity. By utilizing 5G at bases, the DoD can test its capabilities, as well as streamline and amplify the effectiveness of non-combat operations. This can include supply chain efficiency, large scale IoT networks, asset tracking and logistics management all while reducing costs. In return, the DoD tests and further funds 5G. The addition of 5G can provide lower mission costs, enhanced speed and provide higher quality operations. It also factors in risk reduction to each operation, by taking the cumbersome human process out of the equation and making certain operations less complex.

For the DoD, the key motivations in testing and using 5G are threefold. One, it aims to achieve streamlined and functioning interoperability, where individuals can handle operations from a single tablet. Two, it aims to reduce the amount of manual handling in operations. Since 5G has the latency to compute such artificial intelligence (AI) and machine learning (ML) capabilities, it can perform time consuming tasks such as perimeter security. And three, the usage of 5G allows the DoD to gather data about 5G to utilize predictive analytics in the future.

The Future of 5G

There is more that 5G can do for military applications. With the advantage of 5G, there may be a paradigm shift in the usage of private wireless and on-demand communication. One of the biggest advancements of using 5G in a military context is the flexibility that comes with 5G being cloud native. 5G provides more capacity than traditional Wi-Fi or hotspots as it focuses on transport networks. With 5G, international communication could be streamlined, as frequency coordination between departments and consumers would no longer be required. 5G comes with the benefits of mobile edge computing and being O-RAN compliant, meaning it is up to Federal standards. This could even be helpful in residential rural and remote environments, where internet and satellite access is limited. There have been tests across various United States bases, aiming to utilize ML to tailor 5G to each user’s needs. To get these features, consistent testing is vital, even if it is not immediately profitable.

With all the changes to the way combatants use technology, it is important to enable the military to integrate 5G operations. By codifying new strategies and usage methods, agencies can reference, read and follow through with new procurements. With the addition of 5G, communication within the DoD and nation can be revolutionized in nearly unimaginable ways.

 

Visit Carahsoft’s 5G technology solutions portfolio to learn more about Carahsoft’s 5G Summit event and how we, along with our partners, can leverage the best and most reliable services to support your organization’s 5G mission.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s annual 5G Conference.*

Transitioning Towards a Sustainable Healthcare Mindset at DHITS 2023

Posted on by
Reply

Since the Defense Health Agency (DHA) oversees the entire military health system, it knows how important it is for members of the military and their doctors to be able to access medical records quickly and universally. In August 2023, the DHA hosted the Defense Health Information Technology Symposium (DHITS) where military health system (MHS) stakeholders discussed its newest asset– the Military Health System (MHS) Genesis. With the creation of this universal health record database, military members’ health records can easily be accessed, whether they are active-duty or not. Currently being rolled out in waves, the MHS Genesis plans to expand health records accessibility between different military branches.

Benefits from MHS Genesis

While still new, the MHS Genesis already shows improvements in several areas which include:

  • Enterprise and Cultural Interoperability: Some doctors may have different views or standards than others. This universal system makes patient files easily accessible to any doctor, regardless of military branch or practice. Now, the IT systems and Electronic Health Records (EHR) work together seamlessly. Different military branches will be able to use the same uniform system when it comes to accessing patient files and records, making the job easier for both patients and doctors.
  • Patient-Centric Care: With the MHS Genesis technology enhancements, it is now easier than ever to meet patients at their home on a Tuesday through telehealth. Telehealth is especially important within the military to give patients flexibility in choosing appointments as well as requesting information or gaining access to their medical records.
  • System and Process Automation: Medical professionals struggle with the global constraint of time. The MHS enables providers to automate tasks, saving time on things like paperwork and allowing for more one-on-one patient care.

Carahsoft Healthcare at DHITS Tradeshow Blog Embedded Image 2023Next Steps for the MHS

Currently, the entire DoD is at an 86% implementation rate for the MHS Genesis. It is actively being used in all DHA locations in the U.S. with plans to incorporate the universal health record system into the remaining treatment facilities outside of the United States by the end of 2023.

As leaders within the MHS continue their journey into modernization and sustainability, it is important that they equip people with the right knowledge and skills to be able to deliver their future vision of what military medicine should look like. The number one purpose of this emerging technology is to ensure the medical readiness of the military. The MHS Genesis will help guarantee that this stays a top priority, as it creates better access to information and helps deliver that information to the decision makers. Using Artificial Intelligence (AI) in medical settings is an exciting development that will help with diagnosing, personal assistants, risk analysis, forecasting and more. Through AI support, doctors will be able to spend more time on their patients and less time on large amounts of paperwork.

While the implementation of the MHS Genesis has been a success, all branches of the DoD must continue to communicate and collaborate openly and effectively. They must also involve other stakeholders by breaking down data silos and sharing freely what does and does not work in an enterprise setting. This will ultimately help with addressing public health challenges, ethically using AI in a medical setting, cybersecurity and more.

The MHS journey coincides with changing the deployment approach to a “sustainment” mentality. A sustainment mindset involves focusing on:

  • Optimization of user experience: Seeking feedback and continuing to adjust the technology to enhance user experience
  • Scalability: Scaling the success and implementing the changes across the enterprise if success is found with one configuration setup
  • Standardization: Creating a standard vocabulary and process for enterprise usage, so people communicate with the same terminology across the MHS

At the end of the day, the most important thing is that patients receive the care they need. Through the MHS Genesis and the IT solutions discussed at DHITS, the MHS hopes to greatly boost patient experiences, increase trust in the military health system, reduce healthcare provider burnout and give patients and clinicians access to data in real-time.

 

Visit Carahsoft’s Department of Defense and Healthcare solutions portfolios to learn more about DHITS 2023 and how Carahsoft can support your organization in these critical marketplaces.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DHITS 2023.*