Understanding CMMC: A Roadmap for Federal Contractors

Posted on by Jeff Ladner

The Department of Defense (DoD) recently announced new cybersecurity compliance mandates for contractors and subcontractors in the DoD’s supply chain. Private companies that process, store or transmit DoD data are now required to comply with the Cybersecurity Maturity Model Certification, or CMMC.

The new mandate impacts every private company that handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). That’s a large group: According to the DoD’s own estimation, at least 220,000 private companies currently have access to FCI and CUI and require CMMC certification.

Because the CMMC is relatively new, some organizations may be struggling to understand their obligations. Learn more about exactly what the CMMC is and what steps organizations should take right now to be prepared for audits and remain eligible for DoD contracts.

What Is CMMC?

CMMC is the cybersecurity compliance structure used by the Department of Defense. High-profile security breaches like Solar Winds highlighted the need for rigorous data protection throughout the DoD supply chain. The DoD implements the CMMC framework to vet potential contractors and subcontractors and protect against third-party data breaches.

There are three CMMC certification levels: 1, 2 and 3. The different levels correspond to the degree of sensitive information being handled. All companies that contract with DoD need to have at least Level 1 CMMC, while companies that handle more sensitive information will need to have Level 2 or Level 3 cybersecurity compliance certifications.

Recent Changes to CMMC

The CMMC has recently undergone some amendments. An older version of the CMMC, or CMMC 1.0, was implemented in 2019. The new version, CMMC 2.0, came into effect at the end of 2024.

Contractors must now comply with CMMC 2.0, although implementation is taking place in stages. For any organization contracting with the Defense Department, the most important takeaway is that you absolutely must be CMMC compliant to continue working with the Department.

What Level of CMMC Certification Do You Need?

If your organization handles any FCI or CUI, you’ll need CMMC certification. Which level is right for you? You can’t know for certain until you apply for a contract, as there is some variation from one external contract to another.

However, you can make an educated guess about the certification you’ll need. The DoD’s Scoping and Assessment Guide also provides more detail about the standards for each level.

Level 1 CMMC

Level 1 is the most straightforward CMMC certification. It doesn’t require third-party auditing; contractors do a self-assessment to get the certification.

Level 1 is usually appropriate for contractors who handle FCI material and nothing else. FCI is unclassified Government information that isn’t publicly available. Details about Government employees or facilities, for example, might be categorized as FCI. Although the information is sensitive, it is not considered critical enough to require the extra protection of a Level 2 or Level 3 certification.

Level 2 CMMC

If your organization handles both CUI and FCI, you will probably require Level 2 CMMC certification.

In many cases, Level 2 certification is straightforward and can be achieved through a self-certification process. However, in some cases you will need to pass a third-party audit for Level 2 certification. The procedure depends on the sensitivity of the data you’ll be handling. The more sensitive the information, the more precautions the DoD puts in place to prevent a potentially disastrous security breach.

Level 3 CMMC

Level 3 CMMC is the most serious and the most difficult certification to obtain. If your organization routinely handles both CUI and FCI and also deals with material that impacts DoD operations, then you may need this certification.

Level 3 CMMC mandates stricter protections than the other two certification levels. It’s required in cases where a data breach could create widespread problems for the Department of Defense, or even for national security.

To obtain Level 3 CMMC certification, you must undergo a Government audit. The Government will thoroughly assess your security system and determine whether it meets the appropriate standards for certification.

What Is the Cybersecurity Compliance Timeline?

CMMC 2.0 came into effect in December 2024. From that date on, organizations working with the Department of Defense are mandated to begin implementing CMMC compliance according to a 4-phase plan.

Phase 1

This stage began in December 2024, as soon as CMMC 2.0 came into effect. During Phase 1, prospective new DoD contractors are required to conduct a self-assessment to ensure cybersecurity compliance according to Level 1 or 2 CMMC. Phase 1 requirements went into effect November 10, 2025.

Phase 2

The full Level 2 standard comes into effect in November 2026, ushering in Phase 2 of CMMC 2.0. At this stage, contractors are subject to third-party audits to ensure cybersecurity compliance with Level 2 and Level 3 certification.

Phase 3

Phase 3 is set to begin in November 2027. At that time, organizations that handle the most sensitive data will be mandated to undergo a Government-run security audit to ensure compliance with Level 3 CMMC certification.

Phase 4

In November 2028, all new defense contracts will contain language stipulating the CMMC level requirement.

What Steps Should You Take To Comply with the CMMC?

Cybersecurity compliance is fairly straightforward and can be broken down into a few key steps.

Step One: Preparation

Determine which certification level is appropriate for your organization and its needs. Begin by deciding which contracts you’d like to apply for, and use the contracts to decide the appropriate certification level.

Remember that it’s always a good idea to aim for the lowest appropriate certification level, as higher levels are more difficult to obtain. If you are not dealing with highly sensitive data, it’s not worth trying to obtain the Level 3 certification.

Step Two: Internal Assessment

Conduct a preliminary assessment of your organization, analyzing where you will need to make changes to achieve cybersecurity compliance.

It’s good practice to do this in two stages. First, complete a self-assessment. Next, check your assessment with an objective source.

Step Three: Third-Party Audit

If you’re working towards Level 2 or Level 3 certification, you’ll need to be audited, either by an approved third-party auditor or by the Government. The CMMC marketplace makes it easy to set up the assessment. Again, you should first perform a self-assessment to make sure that you’ve addressed any shortfalls in your organization before you undergo this audit.

Step Four: Course Correction

The audit may reveal deficiencies in your security system. If so, you may be granted time to correct these deficiencies and still successfully apply for your CMMC certification.

Once you receive your CMMC certification, you’ll need to renew it once a year to confirm that your organization is keeping up with DoD best practices for cybersecurity.

Get Started With the CMMC Certification Process

Get guidance on preparing for CMMC certification.
Learn how one civil engineering firm worked with Onspring to earn its CMMC certification.
Request a demo to explore the benefits of partnering with Onspring.

Billington CyberSecurity Summit: AI Takes Center Stage

Posted on by Vikram Thakur

Premier U.S. Government cyber conference previews AI on offense, on defense and as a target

While adversaries can boost the quality and volume of attacks with artificial intelligence (AI), defenders will apply AI to counter attacks with predictive and proactive defenses.
The advent of Agentic AIs will accelerate this trend and provide more avenues for attack, but defenders will always have the advantage by being able to train AIs with proprietary information and use them to identify vulnerabilities before attackers do.
The transition to post-quantum cryptography will be an industry-wide heavy lift, with extensive rewriting of code to meet post-quantum standards.

Recently, I had the opportunity to share some of my experience and insights at the Billington CyberSecurity Summit in Washington, D.C. Moderated by Chris Townsend, Global Vice President of Public Sector at Elastic, our panel session, “The Future of Cyber Threat: Anticipating Threat Actors’ Next Steps,” explored how threat actors are evolving and what organizations can do now to prepare. Not surprisingly, AI was a hot topic. We also discussed quantum computing, emerging threats and the cybersecurity staffing shortage.

How Attackers Will Leverage AI

Attackers are already using AI to power their attacks, but it is important not to over-sensationalize the impact that AI is having because the proportion of AI-driven attacks is still quite small relative to the overall amount of malicious activity we are seeing. However, we expect that proportion to grow quickly.

One of the main ways attackers are using it now is to create phishing materials, because it addresses what is a weak point for many threat actors, who often are not native English speakers. Attacks that are technically sophisticated can fail because they begin with a spear phishing email whose spelling or grammar is wrong. Large Language Models (LLMs) solve that problem brilliantly because if there is one thing they are good at, it is creating plausible narratives in perfect English.

The other area we see attackers using it is to automate their work. We have already documented examples of code that appears to have been written by an AI.

In the short term, AI will not enable adversaries to do anything new, but we expect it to enhance the quality and volume of their attacks. AI is lowering the entry bar for threat actors. They do not even need to know how to code anymore. Naturally, the number of attacks will begin to go up.

In the medium term, the arrival of Agentic AI is likely to accelerate malicious activity levels, since agents can act autonomously, further minimizing the level of input needed from attackers.

We have already done some research on how agents could be abused and proven that they can already be used to carry out a basic spear phishing attack and deliver malicious code to a target. Agents are still in their infancy, and it is only a matter of time before they become capable of carrying out more sophisticated attacks with minimal instruction.

Preparing For the Quantum Era

The advent of quantum computing presents another significant challenge for cybersecurity. Quantum computers have the potential to break current encryption standards, making it imperative for organizations to transition to post-quantum encryption algorithms.

Adversaries are already preparing for this shift. The “harvest now, decrypt later” strategy involves stealing encrypted data today with the intention of decrypting it once quantum computing becomes viable.

This process of transitioning to post-quantum encryption is not without its challenges. Decades of work have gone into refining and protecting the implementation of existing encryption methods, and we now face the task of revising and rewriting code using new, post-quantum standards. This will inevitably introduce a new generation of bugs, but we will have the benefit of AI to mitigate them.

It Does Not Stop Here

Conferences such as Billington are essential as we navigate this complex landscape. It embodies the Public and Private Sector collaboration that will be key to realizing better cyber defense outcomes moving forward. Together, with partners like Carahsoft delivering mission-critical industry expertise to U.S. Federal and Public Sector agencies, we can anticipate and counter the next generation of cyber threats, ensuring the safety and resilience of our digital ecosystems.

Learn more about how industry icons like Symantec and Carbon Black are putting AI on the front lines of cybersecurity.

Want to learn how Symantec, Carbon Black and Carahsoft can strengthen your cybersecurity posture? Contact us at Broadcom@Carahsoft.com for more information.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on security.com, and is re-published with permission.

Strengthening the OneGov Mission with a New GSA Offer for Broadcom Security Solutions

Posted on by Richard Verwers

The U.S. General Services Administration (GSA) is redefining Federal procurement through its OneGov Strategy, an initiative aimed at streamlining how Government agencies purchase and implement technology. This unified approach is designed to reduce costs, enhance cybersecurity, improve operational efficiency, and move away from the historically siloed procurement process.

To help realize this vision, Broadcom is offering its robust security solutions to civilian and unclassified Department of Defense (DOD) agencies through a limited-time promotion—ensuring agencies can access trusted, commercial-grade tools with greater ease and affordability.

Breaking Down Security Silos with Unified Protection

The GSA’s OneGov strategy emphasizes the need for agencies to operate as a unified enterprise rather than isolated entities. Broadcom’s security portfolio directly supports this vision by providing integrated solutions that work cohesively across agency boundaries. The combination of Symantec Data Loss Prevention (DLP), Carbon Black Endpoint Detection and Response (EDR) and Carbon Black App Control creates a comprehensive security framework that addresses multiple threat vectors from a single console.

This unified approach eliminates the complexity of managing disparate security tools while providing the visibility and control necessary for cross-agency collaboration. By streamlining policy management, reporting and incident response through integrated platforms, agencies can reduce administrative overhead and focus resources on mission-critical activities.

Advancing Zero Trust Architecture Through Proven Technologies

Executive Order on Improving the Nations Cybersecurity requires DoD agencies to establish plans to drive adoption of Zero Trust architecture, while also mandating enhanced software supply chain security and deployment of multifactor authentication and encryption. Zero Trust implementation requires foundational security capabilities that provide continuous verification and monitoring across all network control points. Broadcom’s security solutions deliver these essential components through proven technologies that have been battle-tested in the most demanding environments.

Symantec DLP provides the highest level of data protection with real-time visibility and control over sensitive information. The platform automatically prevents data leaks through intelligent messaging blocking and modification capabilities, ensuring that critical Government assets remain secure whether in transit, at rest or in use. This automated approach reduces the burden on security teams while maintaining strict compliance with Federal data protection requirements.

Carbon Black EDR continuously records endpoint activity, enabling proactive threat hunting and reactive incident response capabilities. This comprehensive visibility allows security teams to detect and respond to advanced threats even in air-gapped environments, providing persistent monitoring essential for Zero Trust architecture.

Implementing Positive Security Models for Enhanced Protection

Traditional security approaches rely on maintaining lists of known threats, which can quickly become outdated as attack vectors evolve. Carbon Black App Control takes a fundamentally different approach by implementing a positive security model that only allows trusted and approved software to execute on Government systems.

This proactive security stance effectively prevents malicious attacks from establishing a foothold, thereby reducing the attack surface and providing agencies with greater confidence in their endpoint security posture.

Flexible Deployment Options for Diverse Government Environments

Government agencies operate across a spectrum of technical environments, from cloud-native deployments to air-gapped networks with limited connectivity. Broadcom’s security solutions are designed to function effectively across this entire range, providing consistent protection regardless of deployment constraints.

Whether agencies require on-premises installation for sensitive workloads, cloud deployment for scalability or air-gapped operation for classified environments, these solutions maintain their full functionality and security effectiveness. This flexibility ensures that agencies with varying technical resources and requirements can implement comprehensive security measures without compromising their operational needs.

Maximizing Value Through Strategic Procurement

The current promotional offering saves 75% off GSA ceiling prices for net new license purchases, representing significant cost savings for DoD agencies looking to enhance their security capabilities. This promotion runs from August 1 through September 30, 2025, and is available through Carahsoft’s GSA Schedule with no minimum quantity requirements.

The pricing structure is designed to be Government Purchase Card friendly, reducing procurement friction and enabling teams to quickly acquire the security tools they need. For existing customers, the promotion applies to net new licenses, allowing agencies to expand their security coverage while taking advantage of substantial savings.

Carahsoft and our partners are here to support your agency in leveraging this simplified procurement pathway. Our team is available to deliver tailored quotes, arrange customized demonstrations and help you maximize the value of Broadcom’s solutions in advancing your modernization objectives.

Ready to transform how your agency secures data and advances Zero Trust goals? Contact our Broadcom team at BroadcomFED@carahsoft.com or call us at 571-662-3260 to learn more and take advantage of this limited-time offer.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

Posted on by Frank Briguglio

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

Mission partners and contractors get the access they need faster—without creating long-term exposure.
Audit preparation becomes easier, with clear logs of who had access to what, when and why.
Compliance improves, especially in regulated industries, based on NIST and other frameworks.
Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Top 10 OSINT Events for Government in 2025

Posted on by Michael Shrader and Marty Gryski

Open Source Intelligence (OSINT) is no longer a niche capability—it is a core component of modern intelligence work. Carahsoft and our partners have spent years attending and supporting the top OSINT events. We have seen firsthand how AI, automation and smarter data strategies are reshaping the way Government teams gather, analyze and act on intelligence.

This list of the top OSINT events for 2025 and beyond highlights the best places to learn, connect and bring new ideas back to your mission.

OSMOSIS: DC

August 6-7 | Reston, VA | In-Person Event

OSMOSIS:DC is a two-day conference held by OSMOSIS, an Association for OSINT Professionals. The theme for this year is “Technology, Trends, and Transformations.” The expo-style event offers participants direct access to leading vendors, hands on experience with the latest tools and expert-led workshops. Attendees will have the opportunity to connect with industry leaders and build career advancement strategies to help stay ahead of emerging OSINT trends. OSMOSIS:DC is a great opportunity to gain transformative insights from the OSINT industry!

Take a look at some of last year’s top themes in preparation for the 2025 event:

Harnessing Location Intelligence: Advanced OSINT Techniques for Cyber Intelligence Investigations

Linguistic Fingerprints: Using Language to Profile Subjects in OSINT Investigation

Digging for Digital Dirt: Unearthing Bad Actors with Open-Source Intelligence

Carahsoft invites our partners to exhibit at OSMOSIS:DC, hosted at our Conference & Collaboration Center in Reston. Whether you are looking to sponsor, speak, exhibit or just attend, reach out to osintverticalmarketing@carahsoft.com to get involved in this intimate networking event!

Billington Annual Cybersecurity Summit

September 9-12 | Washington, D.C. | In-Person Event

The Billington Annual Cybersecurity Summit is the leading forum for cybersecurity professionals, Government leaders and industry executives to discuss emerging threats, best practices and the latest trends. With over 200 expert speakers, 100+ cyber-focused vendors and more than 40 sessions, attendees will have the chance to engage with top specialists, explore state-of-the-art technologies and participate in thought-provoking discussions. The Summit’s strong focus on collaboration between the Public and Private Sectors provides insights that address real-world security challenges. Learn about cybersecurity strategies, AI-driven threat detection and the latest advancements in national defense at this crucial event!

Carahsoft is looking forward to sponsoring and exhibiting at this year’s event. We’re excited to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website  for more details closer to the event!

Intelligence & National Security Summit

September 18-19 | National Harbor, MD | In-Person Event

The Intelligence and National Security Summit (INSS), held by AFCEA International and the Intelligence and National Security Alliance (INSA), gathers thought leaders, policymakers and industry experts dedicated to advancing solutions for shaping the future of intelligence and national security. The two-day event will feature five plenaries, and six breakout sessions focused on AI and emerging technologies, critical infrastructure security, space acquisition and more. Attendees will gain hands on experience with innovative technologies in the Intelligence Community (IC), insights from experts in the field, as well as networking opportunities with Government leaders, technical professionals and leading researchers. Expert-led panels and interactive discussions will cover critical national security challenges and provide actionable strategies for navigating the complex world of intelligence. Join this premier forum to explore the emerging threats, intelligence operations and technological advancements that are redefining the security landscape!

Carahsoft supports INSS by enabling our vendor partners to participate as sponsors and exhibitors, ensuring a strong industry presence at the event.

IACP

October 18-21 | Denver, CO | In-Person Event

The International Association of Chiefs of Police (IACP) is an annual event that brings together public safety professionals from around the world to explore new techniques, share expertise and prepare their departments for future success. The conference features an exposition hall showcasing products from more than 600 vendors, education workshops and networking opportunities with fellow law enforcement professionals. Spanning four days, attendees will have the chance to engage in policy discussions on the latest challenges in policing, leadership and public safety innovation. As one of the largest law enforcement events, IACP 2025 is an essential gathering for agencies looking to enhance their strategies and stay ahead in an evolving security landscape.

Attendees should expect sessions surrounding how to leverage OSINT for criminal investigations, OSINT for threat assessment and risk mitigation, as well as Dark Web and Deep Web investigations.

Carahsoft will have a booth at IACP where several of our vendor partners will demonstrate their solutions and share educational content. We will also be hosting a networking reception with several of our vendor partners, welcoming conference attendees for food, drinks, networking and more! 

OSINT Foundation Awards

November 7 | VA | In-Person Event

The OSINT Foundation Awards recognize individuals and organizations that have made significant contributions to the field of OSINT. Attendees will explore the latest OSINT methodologies, data analysis techniques and the critical role of open source information (OSIF) in national security and risk assessment. This prestigious event highlights major achievements, facilitates professional networking and demonstrates OSINT’s impact on intelligence operations. Join industry experts as they honor innovation, dedication and the future of OSINT!

Awards honored at last year’s ceremony included:

Innovation of the Year

Volunteer of the Year

Practitioner of the Year

Unit of the Year

Catalyst of the Year

Product of the Year

View a more in-depth explanation of the selection criteria here.

Carahsoft is a proud partner of the OSINT Foundation, supporting them annually by hosting the OSINT Foundation Tech Expo. We encourage our partners to get involved with this event by nominating individuals who they believe exemplify excellent service to the nation and contribute to the OSINT discipline.

Global Security Exchange

Sept 29 – Oct 1, 2025 | New Orleans, LA | In-person Event

Global Security Exchange (GSX) 2025 is the premier event for security professionals across the public and private sectors, offering a comprehensive forum to explore the evolving threats and innovations shaping today’s global risk landscape. With immersive education sessions, insightful keynotes and cross-industry networking, GSX brings together leaders and practitioners from around the world to exchange ideas, strategies and best practices. Attendees will gain firsthand insight into the tools and technologies driving the future of physical and cyber security.

Carahsoft is proud to exhibit at GSX 2025 at Booth #2907. Stop by to connect with our OSINT experts and discover the latest open source intelligence technologies designed to help you stay ahead of emerging threats. We look forward to engaging with the security community and sharing how our partners are equipping organizations to be the first line of defense in today’s complex environment.

OSINT Foundation Tech Expo

April 30 – May 1, 2026 | Reston, VA | In-Person Event

The OSINT Foundation Tech Expo is an annual event that brings together professionals and experts in the field, showcasing the latest advancements in OSINT technologies and related services. Attendees can expect a variety of presentations, workshops and networking opportunities designed to enhance knowledge and skills in gathering and analyzing publicly available information. The event aims to foster collaboration and innovation within the OSINT community, making it a must-attend for anyone involved in intelligence and cybersecurity!

Carahsoft is proud to host the OSINT Foundation Tech Expo at the Carahsoft Conference & Collaboration Center in Reston, a space dedicated to ensuring collaboration and support across the technology industry and Government. Carahsoft invites our partners to join the 50 OSINT vendors and agencies already lined up to showcase their own tabletop exhibits. Carahsoft has also collaborated with FedGovToday’s Francis Rose to interview our partners for their Innovation in Government and Video Insights!

GEOINT 2026

May 3-6, 2026 | Aurora, CO | In-Person Event

The GEOINT Symposium is the nation’s largest annual gathering of Government, industry and academic professionals advancing the tradecraft of geospatial intelligence and will be held at the Gaylord Rockies Resort & Convention Center in Aurora, Colorado, May 3-6, 2026. Each year, the Symposium underscores the collaborative efforts and cutting-edge innovations shaping the future of GEOINT. The Symposium will feature industry-leading keynote speakers, main stage panels and hands-on training sessions on topics such as mission planning, precision timing and navigation. Attendees will be able to engage with geospatial intelligence experts to deepen their understanding, foster connections and stay at the forefront of innovative technologies. Attend GEOINT 2026 to explore the critical role geospatial intelligence will play in building a secure future!

Carahsoft intends to showcase a Partner Pavilion with our vendors again in 2026. We look forward to attending GEOINT 2026 and join our OSINT customers to learn more about the latest in geospatial open source intelligence.

SOF Week 2026

May 3-8, 2026| Tampa, FL | In-Person Event

SOF Week 2026 is the annual gathering for the international Special Operations Forces (SOF) community. Jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, the event serves as a platform for fostering collaboration, innovation and excellence in modern special operations. SOF Week will feature keynote addresses from senior leaders, professional development workshops, chances to network and sessions focused on non-profit initiatives. Do not miss this key event shaping the future of SOF operations!

Carahsoft and more than 45 partners will attend and showcase solutions in AI, DevSecOps, cybersecurity, cloud technologies and open source intelligence.

TechNet Cyber 2026

June 2-4, 2026 | Baltimore, MD | In-Person Event

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA), is a flagship cybersecurity event bringing together U.S. Cyber Command, the Defense Information Systems Agency (DISA), Joint Force Headquarters-Department of Defense (DoD) Information Network and DoD Chief Information Office (CIO), as well as a mix of military, Government, industry and academic leaders. This conference serves as a platform for collaboration, uniting policy, strategic architecture, operations and command and control to address global security challenges in the digital domain. Attendees can expect a comprehensive program featuring expert panels on cybersecurity advancements, technology demonstrations and networking events aimed at enhancing national cybersecurity efforts. Join us in Baltimore to connect with top decision-makers and help drive solutions for this vital mission!

The event will feature a range of exhibitors, including Carahsoft’s leading cyber technology providers. Carahsoft looks forward to joining our open source intelligence customers at TechNet Cyber in 2026.

Join us at one of our 2025 OSINT events to connect with intelligence leaders and professionals dedicated to advancing OSINT. Do not miss this opportunity to explore innovative OSINT techniques and tools, data analysis, cybersecurity and more!

To learn more or get involved in any of the above events please contact us at OSINTVerticalMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our OSINT solutions portfolio.

The Top 6 Insights from GEOINT 2025

Posted on by Lacey Wean

Geospatial intelligence (GEOINT) stands at the forefront of national security innovation, where cutting-edge technologies are rapidly transforming how decision-makers understand and respond to global threats.

At GEOINT Symposium 2025, industry experts, Government officials and thought leaders joined to discuss the latest technology innovations. This year’s conference saw discussion centering around several topics, such as the integration of artificial intelligence (AI), workforce development and new innovations.

Carahsoft and over fifty of our technology partners attended to showcase solutions in AI, cybersecurity and more to support GEOINT mission objectives. Watch all GEOINT sessions to discover how emerging technologies, policy shifts and mission priorities intersect across the Public Sector.

Here are my top six takeaways.

Global Intelligence Coordination and Artificial Intelligence Integration

In the session “Global Intelligence, Local Impact: Source and Analysis at the Speed of Mission,” speakers Gary Dunow, the Executive Vice President at USGIF, Tracy Maloney, the Deputy Director of Source Operations at National Geospatial-Intelligence Agency and Shelby Pierson, the Director of Analysis at National Geospatial-Intelligence Agency discussed tools that maximize efficiency to help fulfill mission objectives. The National Geospatial-Intelligence Agency (NGA) aims to form efficient partnerships that enhance operational effectiveness across all Combatant Commands (COCOMs), and help with the development of streamlined tools that support current DOD intelligence needs. Change detection capabilities, large language models (LLMs) and other AI models are becoming increasingly valuable, with NGA focusing on building confidence in these technologies while curating essential content. The intelligence community is prioritizing geolocated open-source reporting through two active opportunities: metadata tagging to address imagery gaps regardless of source, and cross-domain solutions enabling seamless integration of varied intelligence sources from both domestic and foreign origins. Tulsi Gabbard, the Director of National Intelligence (DNI), emphasized the importance of proactive information sharing rather than waiting for agency requests, while simultaneously building workforce trust in AI through mechanisms for expressing concerns, understanding risks, acknowledging early adoption already underway and cultivating confidence in these emerging technologies.

Rapid Space-Related Intelligence Sharing

The U.S. Space Force and NGA signed a memorandum of agreement at GEOINT, which was discussed at the keynote hosted by General Chance Saltzman, the Chief of Space Operation at U.S. Space Force, Vice Admiral Frank Whitworth, Director at the NGA, and Dan Smoot, the Chief Executive Officer at Maxar Intelligence.

This memorandum comes from the demand for faster access to space-based intelligence for military missions. The agreement enhances intelligence sharing by streamlining coordination between the National Reconnaissance Office (NRO)’s collected commercial satellite imagery, the NGA ‘s data analytics that produce comprehensive intelligence products and the Space Force, who then delivers space-related intelligence to military commanders through its Tactical Surveillance, Reconnaissance and Tracking (TacSRT) program. Through this memorandum, the military gains rapid situational awareness and heightened synergy across Federal agencies. This collaboration streamlines intelligence sharing, enabling faster and more efficient coordination between

GEOINT Initiatives

In her keynote address, Tulsi Gabbard, the Director of National Intelligence of the United States, outlined the Federal approach to GEOINT initiatives, which emphasizes peace maintenance and military readiness. According to Gabbard, to maintain excellence, the Federal Sector must maintain pace with trending technology. Gabbard addressed procurement challenges facing small businesses and stressed the administration’s commitment to technology advancement, geospatial funding priorities and cross-agency partnerships. One such technology, AI, represents both a challenge and opportunity to transform geospatial professional roles without replacing human expertise. The Intelligence Community’s primary focus is conflict prevention rather than winning conflicts, with the GEOINT discipline building crucial trust.

NATO Priorities in Intelligence and Defense

The North Atlantic Treaty Organization (NATO) is actively investing in cutting-edge technologies across the space and sea. During Major General Paul Lynch, the Deputy Assistant Secretary General of Intelligence and NATO International Military Staff’s keynote address, he discussed Federal priorities to integrate AI to stay ahead of emerging threats. In response to these evolving threats, NATO has launched ambitious military exercises, including STEADFAST Defender 2024. One of NATO’s largest military exercises, STEADFAST Defender 2024 is actively pursuing digital transformation and intelligence sharing across while developing closer partnerships with industry experts. NATO’s recent initiatives with the private sector have launched underwater vehicles to aid in mission objectives of remaining at the forefront of defense.

Education and Workforce Development in Geospatial Intelligence

During her keynote address, Tulsi Gabbard emphasized that the geospatial field faces a critical shortage of young talent. Government programs that provide opportunities for new generations are important to inspiring growth. One such program is the United States Geospatial Intelligence Foundation (USGIF)’s “GEOINT Symposium Young Professionals Golden Ticket”, which provides mentoring sessions with GEOINT professionals and opportunities at USGIF events. Carahsoft’s Geospatial Internship Program is another opportunity for incoming professionals. Pathways for further educational curriculum development were discussed at the session “Keynote: Digital Twins and GEOINT – Transforming Intelligence with 3D Analytics.” This keynote offered encouraging developments that will allow the incoming workforce to get involved. The field is becoming increasingly accessible, with open-source data platforms, such as GitHub, significantly lowering entry barriers for newcomers. New opportunities in low-code and no-code environments have been created. While the speakers acknowledged a current pause in Government hiring, the democratization of geospatial technology allows students with creative mindsets to leverage open-source data to enter geospatial careers.

A Hub for Geospatial Capabilities

St. Louis is establishing itself as the epicenter of GEOINT and geospatial efforts. At his keynote session, Senator Eric Schmidt discussed the coordinated statewide university initiative to train the next generation of professionals and anchored with the T-Rex innovation center. This transformation is further enhanced by the new geospatial employment pilot program headquartered at the NGA West, recognizing GEOINT’s critical role in providing commanders with clearer operational pictures. As military leaders increasingly demand more ISR (Intelligence, Surveillance, and Reconnaissance) and GEOINT capabilities, strategic investments in people, partnerships and platforms continue to provide the United States with its competitive edge in the intelligence domain.

Through developments for the future workforce, marine technology and defense initiatives, the GEOINT community maintains the nation’s security. As industry, Government and academia come together, these efforts ensure the United States remains prepared to meet global challenges with agility, innovation and intelligence-driven precision.

To learn more about the innovative technologies featured at GEOINT, visit Carahsoft’s Geospatial portfolio.  For additional research into the key takeaways that industry and Government leaders presented at GEOINT, view Carahsoft’s full recap.

SOF Week 2025: Top 5 Insights on Interoperability, Artificial Intelligence and More

Posted on by Michael Shrader

Effective defense often relies on operations that are agile, adaptable and focused. Special Operations Forces (SOF) Week 2025 is an international conference for thought leaders, Government representatives and key military decision-makers involved in the Department of Defense (DoD). Jointly hosted by the United States Special Operations Command (SOCOM) and Global SOF, the conference platformed discussions surrounding the improvement of cybersecurity and technology within SOF.

This year, Carahsoft and over fifty of our technology partners attended to showcase solutions in artificial intelligence (AI), cybersecurity and much more, supporting SOCOM and DoD mission objectives.

The SOF Week conference featured five key themes for attendees to learn about.

Leveraging Artificial Intelligence to Achieve SOF Objectives

One of SOCOM’s innovation priorities is to onboard products that have AI integrations, uncrewed and autonomous systems, power computing and quantum capabilities. In the session “Keynote Address: U.S. Special Operations Command Team,” speakers General Bryan P. Fenton, Commander of USSOCOM and the Command Sergeant Major Shane Shorter, Senior Enlisted Leader of the USSOCOM, discussed optimizing the computing power of adapted technology to maintain pace with adversaries. By providing the needed tools, SOCOM can help reduce the cognitive load placed on personnel.

In the session “PEO Overview: Tactical Information Systems,” speaker Chad Skiendsiel, the PM for Transport Systems, PEO TiS, requested multiple AI capabilities that would be useful to SOCOM operations. These are:

Automation of data and containerization
Software infrastructure that enables more containerization of data and configuration.
Commercial solutions that can enable classified data computing as well as compute power out to the edge
Embedded computing that can be attached to the warfighter to achieve better situational awareness

In the session “Fireside Chat: AI Innovation and Integration in National Security,” speaker Akash Jain, CTO of Palantir discussed SOF’s efforts to implement AI into SOCOM operations. One key area that requires special attention is AI integration into legacy systems, many of which have existed for years and cannot easily have AI added to enhance the work SOF does. This is why vendors with solutions, such as Hewlett Packard Enterprise, can be utilized to integrate AI into existing infrastructure.

Bolstering Cybersecurity in SOCOM Operations

One of the key themes present in SOCOM’s evolving cybersecurity efforts is the adoption of a Zero Trust architecture, particularly within the Enterprise Information Systems directorate. It is referenced across multiple capability areas as essential to aligning with broader DoD cybersecurity mandates. To advance this strategy, SOCOM is actively engaging with industry and conducting assessments to define mission-driven requirements. Technology experts such as Dell Technologies, Red Hat and VMware are constantly working to be at the forefront of Zero Trust efforts.

Following this focus, the Professional Employer Organizations (PEO) is implementing cybersecurity initiatives in its contracting services. All solicitations will include cyber discipline and hygiene requirements, supply chain risk management and cybersecurity risk management requirements. Across the portfolio within SOCOM, post-quantum encryption is being looked at as the future strategy for cyber and will continue to develop as time goes on. The PEO SOF Digital Applications (SDA) also notes that CISA’s Software Bill of Materials (SBOMs) will continue to be added to its cybersecurity pipeline to ensure software is open and honest. These initiatives work to fortify existing and future cyber structures to protect the effectiveness of missions and the safety of personnel.

As supply chains, SOF and the Defense Industrial Base (DIB) continue to be under threat from adversarial cyber-attacks, PEO Services continue working to fully implement CMMC guidelines in their procedures. For unclassified solicitations, SOCOM will implement CMMC Level One, while any classified solicitations will be level two or higher.

Industry Partnerships to Meet Demand

In the session “Keynote Address: U.S. Special Operations Command Team,” Major General Bryan P. Fenton heavily emphasized that partnerships are key to meeting industry needs. While SOF is maintaining pace with current requirements, to stay ahead in the future, SOCOM must look to industry partners for their specialty and assistance.

One such category of offerings is autonomous, unmanned systems promote efficiency by saving time on menial, repetitive tasks. SOCOM is looking to implement dual-usage, capable autonomous products, such as self-driving cars, drones and robots. Modeled after the Private Sector’s success with unmanned systems, SOCOM agencies aim to evolve at the same speed. To enact this, all onboarded unmanned systems must be interchangeable, adaptable and successful within any region of the world to meet mission requirements.

The Importance of a Modular Open Systems Approach (MOSA)

For the military, multi-domain connectivity is the way forward. Military agencies are focusing on modular open-mission systems that can be interoperable, as they are the key to staying ahead of future conflicts. Depending on industry trends and the latest in cybersecurity, equipment may need to be changed on the fly. Some technologies will need to be found preemptively; in these scenarios, industry experts can provide assistance.

In the session “PEO Overview: SOF Digital Applications session,” Modular Open Systems Approach (MOSA) was noted by every program manager as a solution. This approach is desired as it allows systems and products to remain agile when new software is added.

MOSA consists of three main components:

Infrastructure and Deployment: Hybrid deployment of cloud, multi-vendor capabilities, Open-source technologies and COTS integration
Data Centricity & Interoperability: Messaging & EDA, Black Box interfaces, Ontology Support, preferences on containerization and VMs
AI Implementation & Sustainment: Low-cost and remotely maintainable solutions, lifecycle management and updates, AI support for LLMs and at the edge and adaptability on mission needs

By enabling agencies within SOCOM to implement software updates, MOSA promotes interoperability and the speedy onboarding of key technologies.

Humans Over Hardware

While technology is vital to SOCOM Operations, humans are the backbone of the agency. In the session “Keynote Address: US Secretary of Defense,” Secretary of Defense Pete Hegseth spoke on the three pillars for success within the DoD and how SOCOM can reiterate and emphasize them. Among these three, the warrior ethos is targeted with the slogan, “humans are more important than hardware.” Secretary of Defense Pete Hegseth, USSOCOM Commander General Fenton, and the Chairman of the JCOS Dan Caine all echoed this point that warfighters are the most important aspect within SOF. Any person that meets warfighter standards can serve, and all purchases and developments should center the safety and wellbeing of the warfighter in mind.

Through the collaboration between people and technology, SOF is able to work securely, quickly and smoothly. With top cybersecurity, automation integrations and industry partnerships, SOCOM continues to fulfill DoD mission objectives and keep personnel safe.

To learn more about technologies featured at SOF Week, visit Carahsoft’s defense portfolio.

TechNet Cyber 2025: Top 5 Insights on Zero Trust, Interoperability and More

Posted on by Mike McCalip

Technology is a vital part of the United States Department of Defense (DoD)’s capabilities, making security and enhancements essential to the nation’s stability and growth. AFCEA International’s flagship event, TechNet Cyber, emphasizes the role of cybersecurity and IT within the DoD. Alongside its partners, such as such as Amazon Web Services (AWS), Everfox and Ciena, Carahsoft attended TechNet Cyber to support DoD mission objectives. Carahsoft maintains a unique position in the defense industry with the ability to connect DoD and intelligence community (IC) personnel, Government IT decision-makers, thought leaders and industry and vendor partners. At this year’s conference, leaders and operators in the IT and Defense Department joined to network, facilitate problem solving and explore ways to expedite and secure the procurement process.

Expanding Zero Trust: “Flank Speed” is Ready to Scale

To safeguard against potential cybersecurity attacks, the DoD is working to secure its networks with Zero Trust, a security strategy focused on identity, credential and access management. In the session “DoD Zero Trust Success Stories,” David Voelker, Zero Trust Architecture Lead for the Department of the Navy, discussed recent initiatives to bolster Zero Trust within Flank Speed, the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage. The Department of the Navy is planning to conduct autonomous penetration testing to determine the quality of Zero Trust capability implementation. Last year Flank Speed met 151 of 152 Zero Trust activities, meeting target far ahead of schedule. Flank Speed is the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage.

Another speaker, Ian Leatherman, the Zero Trust Strategy Lead for Microsoft U.S. Federal, discussed key takeaways from Microsoft’s work with Flank Speed. Visibility into agency networks is critical to emboldening existing Zero Trust strategies. Mr. Leatherman stated, “When in doubt, collect the telemetry: you never know what new or novel adversary techniques you may find.” Knowing exactly how many endpoints, applications and users are on the network at any given time positions the DoD to swiftly deal with incoming threats.

Leatherman also discussed recent initiatives to involve all Navy personnel in a cybersecurity strategy; security is more than a technology solution, but a way to ensure safety within the agency. David Voelker, Zero Trust Architecture Lead at the Department of the Navy echoes this statement. While the Zero Trust Portfolio Office set their DoD-wide Zero Trust adoption target as the end of fiscal year 2027, Flank Speed is already operational. Voelker notes that the Flank Speed configuration could be lifted and shifted to other customers in the DoD, with a quick deployment time of under 24 hours. Mr. Voelker also recommends automating this shift.

Carahsoft and our vendor partners offer several cybersecurity solutions to help Government agencies implement Zero Trust architectures that protect critical information and reduce national security risk. Our offerings align with Public Sector Zero Trust maturity models developed by NIST, the DoD and CISA.

Carahsoft, TechNet, blog, embedded image, 2025

How Mission Objectives Drive Acquisition

Acquiring powerful, up-to-date technology enables the DoD to protect against persistent and increasingly sophisticated cyber-attacks. The DoD aims to streamline its procurement process to maintain pace and safeguard against attacks. In the session “DoD Software Modernization Senior Steering Group,” speaker Sean Brady, Senior Lead for Software Acquisition Enablers at the Office of the Undersecretary of Defense (Acquisition and Sustainment), explained that there are two key drivers to this transformation. The first is mission objectives; software should be tailored to allow the DoD to adapt its systems to rapidly changing threats. The second is access to commercial innovation, which allows the DoD to access products in weeks or months rather than years.

Digital Transformation for Operational Effectiveness

Digital transformation in the DoD is crucial for maintaining pace with an increasingly technology-driven security environment. Thomas W. Simms, Principal Deputy Executive Director for Systems Engineering and Architecture at the Office of the Under Secretary of Defense for Research and Engineering, discussed the major digital transformation efforts within the DoD.

The main four are:

Modular Open Systems Approach (MOSA), a congressional requirement that integrates technical and business strategies to promote acquisition and drives modular designs

The DoD’s Digital Engineering Instruction, which requires programs to use digital engineering in their design process

Application Program Interfaces (APIs), a ruleset that allows communication between software applications and is driven by the DoD’s API guidebook, which enables the DoD to become more data-centric

The DoD’s System Engineering Guidebook, which is currently undergoing an update to incorporate guidance from the Secretary of Defense’s latest memos

By modernizing legacy systems and enabling the DoD to acquire the newest and greatest in IT, these initiatives enhance operational effectiveness and improve decision-making speed.

Fast-Tracking Authority to Operate (ATO)

In the defense industry, technology must be approved to mitigate security risks. The Software Fast Track (SWFT), a process that expedites software verification within the U.S. Government, is changing the way the DoD manages risks and conducts Authority to Operate (ATO). Contractors can get involved with the latest software acquisition and risk management changes by participating in the three recently released requests for information (RFIs).

These RFIs, which close May 20^th, are:

RFI – Software Fast Track (SWFT) Tools

RFI – Software Fast Track (SWFT) External Assessment Methodologies

RFI – Software Fast Track (SWFT) Automation & Artificial Intelligence (AI)

Katie Arrington, the Acting DoD Chief Information Officer (CIO), also discussed the Software Fast Track (SWFT) set to launch on June 1^st of this year. The initiative will replace the traditional Authority to Operate (ATO) structure and add a few requirements, such as third-party Software Bill of Materials (SBOM), third-party risk assessments and the population of Enterprise Mission Assurance Support Service (eMASS) with artifacts. Once these guidelines are in place, contractors will gain a Provisional ATO.

Ms. Arrington attests that these changes will revolutionize the Risk Management Framework (RMF) by allowing industry experts to provide feedback to the DoD. Paper compliance isn’t enough anymore, Ms. Arrington says. The DoD is looking for “continuous monitoring, red-teaming and people to continually evaluate their capability.”

She also added that the DoD will be sunsetting the Approved Products List (APL). Additional sponsor additions are no longer being accepted. Instead, the SWFT initiative will take over, establishing a “trust, but verify” procedure, promoting both security and swift ATO action.

Using Interoperability to Pitch to DoD

As operations increasingly move online, interoperability becomes increasingly important to efficiency and accessibility. Venice Goodwin, the outgoing CIO for the Department of the Air Force, offered advice to industry professionals on navigating changes within DoD. Goodwin recommends that the industry practice “extreme teaming;” rather than service each department individually: vendors should focus on servicing the DoD as a whole. As the DoD prioritizes capabilities that have cross-departmental benefits, industry experts should demonstrate the effectiveness of their capabilities and solutions in every domain across land, sea, air and space. With this collaboration, both the Private and Public Sector can get the results they need.

The digital transformation journey within the Department of Defense represents not just an evolution of systems, but a commitment to defending interests at home and abroad. Acquisition, ATO and Zero Trust are all valuable assets to maintaining pace with the current, constantly evolving technological climate, ensuring the United States carries out its mission of protecting the nation.

To learn more about mission-critical technology, visit Carahsoft’s defense portfolio to explore solutions showcased at TechNet Cyber. For additional research into the key takeaways that industry and Government leaders presented at TechNet Cyber, view Carahsoft’s full synopsis of key sessions from the tradeshow. 

The Top CMMC Events for Government and the DIB in 2025

Posted on by Alex Whitworth

With the release of the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework, 2025 marks a pivotal year for education, collaboration and implementation across the Defense Industrial Base (DIB). As compliance standards evolve, this year’s lineup of CMMC-centric events offers defense contractors, cybersecurity professionals and Government stakeholders unparalleled opportunities to deepen their understanding, explore new solutions and engage directly with policy leaders and technology providers. Below is a preview of the key events shaping the CMMC landscape in 2025—and how Carahsoft and our partners are helping to drive the conversation forward.

CEIC West

May 21-23 | Las Vegas, NV | In-Person Event

CEIC West 2025, the official conference of The Cyber AB, is the premier event for defense contractors and cybersecurity professionals focused on implementing the CMMC 2.0 framework. Hosted by Forum Makers, this conference offers practical strategies to help organizations achieve compliance and secure their place in the DIB. Attendees will benefit from expert-led sessions, hands-on workshops and networking opportunities with key figures from the DoD and The Cyber AB. Additional highlights include pre-conference training, the Women of CMMC Dinner and the Tech for Troops Golf Tournament. Learn how to close security gaps, manage costs and tackle the real-world challenges of CMMC compliance at CEIC West 2025.

Sessions to look out for:

Keynote: “Protecting CUI, Federal Contractors and the Future of CMMC” feat. Katie Arrington, CIO, DoD

“CMMC Beyond the DoD: Preparing for a Broader Compliance Landscape”

Carahsoft will present a Solutions Showcase spotlighting a group of partners that provide CMMC compliance tools tailored for the DIB. Numerous resources and solutions providers —including those in Carahsoft’s “Solutions Showcase” such as Cyturus, Lifeline Data Centers, Axonius Federal Systems, ISI Defense and Paramify— will be available for attendees seeking to learn more about CMMC and Carahsoft’s role in the program. Join us at the pre-conference golf tournament as Carahsoft is proud to be the Beverage Sponsor of this charitable event!

Carahsoft CMMC Webinar Series

August 12-14 | Virtual Event

Carahsoft upcoming webinar series offers a comprehensive look at the latest updates to the CMMC program, providing DIB stakeholders with the insights needed to achieve and maintain compliance. Through a series of expert-led sessions, participants gain a clear understanding of the CMMC framework and learn how to implement effective cybersecurity practices aligned with Federal requirements. Whether you are just beginning your compliance journey or looking to strengthen your existing posture, this series delivers actionable guidance for all levels of the CMMC compliance journey.

The Carahsoft CMMC Webinar Series will feature a number of partners to share insights and offer practical solutions for achieving compliance. Check out our website for more information and to register as we get closer to the event date.

National Cyber Summit

September 23-25 | Huntsville, AL | In-Person Event

The National Cyber Summit 2025 is the nation’s most innovative cybersecurity technology event, offering unique opportunities for education, collaboration and workforce development. Hosted by the North Alabama Chapter of the Information Systems Security Association (NAC-ISSA), Cyber Huntsville Corporation (CHC), Auburn University Research and the University of Alabama in Huntsville, the summit brings together participants from Government, industry and academia. Attendees can expect a comprehensive agenda featuring expert-led sessions, hands-on training and valuable networking designed to foster collaboration and innovation across the cybersecurity landscape. With its strong emphasis on advancing best practices and protecting national interests, the National Cyber Summit remains a must-attend event for the cybersecurity community.

Carahsoft will host a Partner Pavilion highlighting trusted technology providers focused on CMMC compliance solutions for the DIB. This space will serve as a hub for attendees to explore Carahsoft’s extensive lineup of solutions providers and educational resources, offering access to experts and compliance tools.

CS5

October 16-17 | Washington, D.C. | In-Person Event

The essential gathering for Defense Contractors and their Subcontractors to get CMMC compliance right. CS5 is the one conference that brings the entire compliance ecosystem together. From the experts who prepare you (RPOs) to the auditors who assess you (C3PAOs) and the training and tool providers who support you every step of the way. Start here to deliver CMMC compliance to your organization. Return here to optimize your path. If you’re in the defense industrial base, you can’t afford to miss it.

Carahsoft will have a Solutions Showcase for partners that provide CMMC compliance solutions to the DIB. This showcase will provide attendees with a hands-on opportunity to explore Carahsoft’s expansive network of compliance-focused technologies and gain insights into the tools, services and support available to guide them through every phase of their CMMC journey.

DoDIIS *Canceled for 2025

December 7-10 | Fort Lauderdale, FL | In-Person Event

The 2025 Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference is a premier event that brings together senior decision-makers, technical experts and innovators from the DoD, Intelligence Community (IC), industry, academia and Five Eyes (FVEY) partners. This immersive conference offers a unique platform for collaboration and knowledge sharing, focusing on the integration across the IC and the rapid development and deployment of mission-focused solutions. Attendees will have the opportunity to engage with a comprehensive selection of sessions, interact with a broad range of leaders and showcase solutions addressing issues impacting mission users. The event also features dynamic speakers, innovative technologies and networking socials, providing an invaluable experience for all participants.

Carahsoft, Top CMMC Events, blog, embedded image, 2025

Carahsoft will host an expansive Partner Pavilion highlighting cutting-edge technologies that support defense and intelligence missions. Within this space, our Cyber booth—located in the Vertical Alley”—will feature a demo station from our CMMC team.

CMMC Day

May 5, 2026 | College Park, MD | In-Person Event

Join industry leaders at the 6^th annual CMMC Day 2026, where the Defense Industrial Base (DIB) will come together to navigate the shift from compliance to competitiveness under CMMC 2.0. With over 300,000 U.S. Government subcontractors soon to be impacted, this one-day conference offers essential insights into the CMMC framework’s wide-reaching implications for Federal supply chain security. CMMC Day delivers expert-led sessions from the National Institute of Standards and Technology (NIST), the National Information Assurance Partnership (NIAP), the National Security Agency (NSA) and other key players, guiding attendees through NIST 800-171, foundational cybersecurity standards and the maturity model’s evolving requirements.

Whether you are a product vendor, integrator, testing lab or Government official, you will gain actionable knowledge, connect with the full industry value chain and leave better equipped to assess, prepare and certify under the new framework.

Carahsoft is looking forward to showcasing our partners who deliver innovative CMMC compliance solutions for the Defense Industrial Base at CMMC Day 2026. The event will spotlight Carahsoft’s broad portfolio of resources and solution providers, making it a must-attend opportunity for those preparing for or advancing their role in the CMMC ecosystem.

CS2 Reston

May 6-7 | Reston, VA | In-Person Event

The Cloud Security and Compliance Series (CS2) Reston, hosted by Summit 7, brings together defense contractors and IT leaders to learn about Federal cybersecurity requirements. With the CMMC rule now published, the CS2 Reston delivers critical guidance on achieving compliance with CMMC 2.0, NIST 800-171, Defense Federal Acquisition Regulation Supplement (DFARS) 70 Series—7012, 7019, 7020—and International Traffic in Arms Regulations (ITAR), as well as securing Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Featuring expert-led sessions, real-world case studies and technical breakouts, the agenda includes speakers from The Cybersecurity Assessor and Certification Body (Cyber AB), Microsoft, Summit 7 and others. CS2 Reston is a must-attend event for Chief Information Security Officers (CISOs), IT administrators and compliance professionals seeking practical insights and peer connections in the evolving defense cybersecurity landscape.

Carahsoft will exhibit at CS2 Reston, engaging with attendees interested in learning more about our cybersecurity solutions portfolio and educational resources. Look out for our 2026 involvement on our website.

SOF Week

May 5-8 | Tampa, FL | In-Person Event

SOF Week is the premier global gathering for the Special Operations Forces (SOF) community. Jointly hosted by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, this annual event brings together over 19,000 attendees—including SOF operators, defense industry leaders, policymakers and international partners—to collaborate on advancing the future of special operations. Attendees can expect a dynamic agenda featuring senior keynotes, breakout sessions, live demonstrations and a multi-venue exhibition showcasing cutting-edge technologies. SOF Week offers unparalleled opportunities to network, learn and contribute to the global SOF mission.

Carahsoft will host a large Partner Pavilion at SOF Week 2026, where attendees can explore a wide range of mission-focused technologies from our partners. Look out for more information about our involvement in 2026 on our website.

TechNet Cyber

May 6-8 | Baltimore, MD | In-Person Event

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA) International, is a premier event uniting military, Government, industry and academic leaders to tackle the ever-evolving challenges in cyberspace. The conference emphasizes collaborative strategies to strengthen cyber resilience and outpace adversaries. Attendees will gain valuable insights from top officials at United States Cyber Command (USCYBERCOM), the Defense Information Systems Agency (DISA), the Department of Defense Chief Information Officer (DoD CIO) office and other key agencies. Sessions will cover zero trust architecture, artificial intelligence (AI) integration and cyber workforce development. Featuring a robust exhibit hall and targeted networking opportunities, TechNet Cyber offers a comprehensive platform for driving cybersecurity innovation across the Public and Private Sectors.

Carahsoft will host a Partner Pavilion showcasing cybersecurity solutions from our leading technology partners such as Cyturus. Check out our website as we look forward to our 2026 involvement.

Looking Ahead:

Whether you are just beginning your CMMC journey or looking to enhance your existing compliance strategy, these 2025 events provide a critical forum for insight, innovation and connection. With each event tailored to address the most pressing challenges facing the DIB, participants can expect actionable takeaways, hands-on demos and valuable discussions with experts across Government and industry. Carahsoft is proud to support these initiatives through our presence at each event, along with our robust ecosystem of CMMC-focused partners and resources.

Explore Carahsoft’s full CMMC solutions portfolio and learn how we can help support your compliance efforts.

Sea-Air-Space 2025: Top 6 Insights on AI, Readiness and More

Posted on by Mike McCalip

Sea-Air-Space, the premier maritime exposition of the United States, is an educational hub for defense industry leaders, Government leaders and top military decision-makers to network and discuss the latest insights and advancements in the maritime and space domains. 

Joined by over 40 of our technology partners, Carahsoft showcased solutions on cybersecurity, cloud computing, artificial intelligence (AI) and more at Sea-Air-Space 2025, providing customers the opportunity to engage with and explore technologies designed to enhance the efficiency of mission objectives. 

This year’s conference featured six key themes for attendees to explore.

1. Integrating Artificial Intelligence into Maritime Missions

The efficiency of AI enhances the speed and accuracy of decision-making, providing real-time insights for Sea Service personnel. Integrating AI and other autonomous systems into military operations can satisfy the critical need for close collaboration between the technology industry and the defense sector. Speakers at Sea-Air-Space discussed the importance of finding practical applications of AI, machine learning (ML) and automation across warfighting, business processes, logistics and readiness. 

Major General of the United States Marine Corps, Matthew Glavy, spoke about the Marine Corps’ strategic use of AI. Presently, there is a “campaign of learning” aimed at aligning training and acquisition with AI capabilities. One goal is integrating algorithm management and scalability into AI training. Another is finding AI that functions in harsh maritime environments to improve warfighter’s abilities. Speakers stressed that AI is not just a tool for the future, but a present-day necessity that enables the Sea Services to significantly enhance the effectiveness, precision and longevity of their platforms and operations. With AI’s ability to detect and respond to cyber threats, the nation can better maintain its strategic defense edge.  

2. Preparing Data for Mission Readiness 

Currently available technology, assets and resources can be used to prepare data for future missions. As data can be used to enhance awareness amongst combat environments, sourcing data from diverse sources is vital to developing logistics systems for operations. 

Autonomous systems can be used to collect and translate data into actionable insights, enabling the Sea Services to improve operational readiness, extend lethality and respond swiftly at the tactical edge. The usability of data is just as important as having a diverse source. 

Technology with visualization tools, such as user-friendly dashboards, make data more accessible and predictive. This readability enables forces to anticipate failures, identify vulnerabilities and make data-driven decisions that impact mission readiness, ensuring personnel are equipped to outpace evolving threats.  

3. Maintenance for Operational Readiness 

Readiness is critical to maintaining a competitive edge. The United States Navy’s aims to achieve and sustain 80 percent combat surge ready posture for ships, submarines and aircraft by 2027. To accomplish this, platforms must be maintained and enhanced with the newest technology to ensure they are up-to-date and at their best capacity. Novel approaches to training, manning, and sustainment can all improve force readiness.  

In the session “Ready Our Platforms,” panelists discussed tips on the path to maintain pace with this goal. 

Sea Service personnel should: 

Engage with maintenance initiatives to strengthen planning, execution and partnerships to improve on-time delivery

Take boats out of public shipyards in a timely fashion to ensure combat readiness

Invest in original equipment manufacturing for maintenance work and quality assurance

Review and update the Navy’s acquisition strategy to better acquire services for systems with diminishing subject matter expertise

Increase the number of structural engineers embedded with maintenance teams to enable faster technical resolution of issues

Create a dedicated force to focus on material ordering and provisioning for major maintenance efforts

By embracing a proactive approach to training, manning, modernization and sustainment, the U.S. Navy can ready and bolster its force to improve combat readiness. 

4. Enhancing Security Through Space Systems 

To maintain its competitive edge, the Sea Services must strategically utilize all available assets, including space. In the session “The Critical Role of Industrial Space Assets in Maritime Security,” speaker John Hill, the assistant Secretary of Defense for Space Policy and the Deputy Assistant Secretary of Defense for Space and Missile Defense (PTDO) at the Department of Defense (DoD), discussed the five foundational space mission areas: generating, processing, storing, transporting and protecting data. By aligning mission objectives across the Space Force, Space Command and other relevant forces, the Sea Services can maintain pace with industry goals. Affordable, proliferated space systems and high-value technology can enhance maritime security by providing resilience and durability against emerging threats. By taking a proactive approach to innovation, the defense sector can leverage industry momentum and accelerate capability development.  

5. Innovation With Enterprise Solutions

To support innovation and experimentation, the Sea Services aim to move from traditional procurement models towards modern, iterative approaches that empower operational commands and developers to co-create solutions in real time. 

The key strategies in this shift include: 

Using agile methodologies and continuous delivery pipelines

Giving operational teams authority to drive mission-specific solutions

Building open, modular systems with interoperability standards that allow for adaptable integration that maintains pace with threats and mission priorities

Involving end users throughout the process, ensuring that the burden of integration at scale does not fall to combatants

Providing consistent funding that supports innovation and experimentation

Fostering a culture that accepts measured risk and supports transformation

By decentralizing development and giving operational teams the authority to drive mission-specific solutions, the Navy aims to collapse development timelines, remove bureaucratic friction and deliver high-impact capabilities faster. The initiative provides persistent, mission-aligned funding streams that support innovation and experimentation without excessive risk aversion, creating pathways for scalable solutions at the pace of technological advancement. 

6. A Dive into Maritime Initiatives with Francis Rose

A special Sea-Air-Space 2025 edition of Francis Rose’s Fed Gov Today explores the critical convergence of maritime security, technology and strategy in today’s evolving global environment. An interview with Vice Admiral Andrew Tiongson, Commander of the U.S. Coast Guard Pacific Area, discussed how the Sea Services have increased presence and coordination along the West Coast to counter maritime border incursions. Melissa Carson, Vice President and General Manager at Iron Mountain Government Solutions, highlights the critical need for structured data governance to enable effective AI-driven defense operations. Dr. Abbie Tingstad, Research Professor at the U.S. Coast Guard Academy, underscores the strategic importance of maintaining multi-domain presence in the Arctic through international partnerships, as environmental shifts and great power competition reshape polar governance. These insights collectively demonstrate how technological modernization, AI literacy, data readiness and strategic partnerships are essential for securing maritime domains against complex threats.

Reliable, adaptable and verifiable technology enables the Sea Services to fulfill mission objectives. By leveraging today’s technologies to meet resource needs, extend the lifecycle of critical assets and enhance mission readiness, the Sea Services continue to outpace evolving threats and uphold its promise to protect the nation. 

To learn more about innovations amongst the Sea Services, visit Carahsoft’s defense portfolio to explore solutions showcased at Sea-Air-Space. For additional research into the key takeaways that industry and Government leaders presented at Sea-Air-Space, view Carahsoft’s full synopsis of key sessions from the tradeshow.