Blog

If you develop or sell commercial-off-the-shelf (COTS) technology that ends up in Department of Defense (DoD) environments, there’s a new bar you have to clear. Katie Arrington, the acting DoD CIO has issued a new memo that directly impacts how you manage your software supply chain, and it’s going to change how COTS vendors prepare for procurement.

This signals document reviews the current state of software security initiatives in the federal government and the Department of Defense (DoD), highlighting key programs and policies aimed at enhancing cybersecurity. This includes the recent Executive Order 14306 (signed on June 6th), the DoD’s new Software Fast Track (SWFT), and SSDF and associated CISA attestations under the Biden Administration, part of which were rescinded via Executive Order 14144.

The FedRAMP 20x pilot marks the most significant shift in federal cloud security in over a decade. Launched in May 2025, the program aims to modernize the authorization process by emphasizing speed, automation, and real-time security validation. For organizations pursuing Low Baseline authorization, the 20x path offers a faster, more efficient entry point into the federal market.

Organizations seeking to work with the US government today must navigate a growing array of compliance requirements. Among the most prominent security frameworks are the Cybersecurity Maturity Model Certification (CMMC) and Federal Risk and Authorization Management Program (FedRAMP), each playing a critical role in securing federal information and systems.

The National Security Division (NSD) of the U.S. Department of Justice (DOJ) issued a Final Rule announcing a new Data Security Program (DSP) under Executive Order 14117: Preventing Access To Americans' Bulk Sensitive Personal Data And United States Government-Related Data By Countries Of Concern. Focused on protecting “covered data” transactions, the goal of the DOJ’s Final Rule is clear—prevent access to U.S government-related data and Americans’ sensitive personal data from:

Vulnerability scanning is one of the most critical — and commonly misunderstood — requirements in achieving the Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO). Cloud Service Providers (CSPs) must demonstrate a mature vulnerability management program to meet FedRAMP’s rigorous standards, requiring the right people, processes, and technologies in place.

In today’s complex and constantly evolving regulatory environment, businesses face an ever-growing array of compliance requirements across multiple frameworks ranging from FedRAMP, PCI, ISO, GDPR, and HIPAA, to name a few. Navigating these compliance waters is increasingly challenging, particularly with regards to cybersecurity and data protection. However, there are measures you can take to significantly refine your compliance processes. In this article, we will explore how streamlining all of your compliance efforts with a single trusted provider can not only simplify your processes but also enhance your overall security posture.

Any Cloud Service Provider (CSP) who is familiar with FedRAMP likely knows that presenting an authorization package that includes a non-FedRAMP-authorized external service storing or processing of federal metadata wouldn’t get you very far—it’s likely a showstopper. However, some may not realize that that’s not necessarily the case regarding StateRAMP.