The DoD’s Latest Supply Chain Cybersecurity Strategy
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
- CMMC 2.0: Level 2 assessments becoming mandatory by FY25
- SBOM: Internal and third-party-validated software inventories
- SWFT: A faster, AI-driven process for software approvals
The DoD CIO’s strategy centers on securing the entire vendor ecosystem—not just primes, but also subcontractors, cloud service providers, MSPs and COTS software sellers. If you're in the stack, you're in scope. Now is the time to align with these requirements or risk being left behind.
To lead this effort, the DoD CIO has outlined four core goals:
- Establish centralized coordination, with the CIO overseeing a steering group focused on DIB cybersecurity.
- Strengthen DIB posture through initiatives like CMMC, SWFT and SBOM.
- Prioritize resources and intelligence sharing to secure critical operations.
- Accelerate secure software acquisition through the new Software Fast Track initiative.
Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification (CMMC) is how the DoD ensures contractors can protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Over 2,600 Level 1 assessments and 300+ Level 2 assessments have been submitted so far, including 65 by certified third-party assessors (3PAOs).
Currently, Level 2 is voluntary, but the DoD will make it mandatory by end of FY25 via a new contract clause. Vendors should prep now—this includes self-assessments and certified third-party reviews.
To simplify compliance, the DoD is also updating DFARS and streamlining rules per the executive 10-for-1 reduction policy. Final CMMC rules are expected by late summer 2025.
For small IT vendors, the Army is piloting programs like ENCODE, along with VDI and turnkey cloud services, to cut compliance costs. The DoD is also working with Cyber AB, an independent partner building a CMMC marketplace with vetted providers.
Software Fast Track (SWFT)
The new Software Fast Track (SWFT) initiative, launched May 2025, aims to replace slow RMF/ATO processes and accelerate software delivery to DoD buyers—especially COTS software vendors (FedRAMP SaaS excluded).
Key features:
- Security reviews occur before software is approved for use.
- Uses AI to detect anomalies and flag risks early.
- Cuts duplication and shortens deployment timelines.
- Implementation plan expected July 2025, including timelines and resources.
DoD has released an RFI for industry input, offering vendors a chance to help shape future risk assessment policies.
Software Bill of Materials (SBOM)
As part of SWFT, vendors must submit:
- An internal SBOM
- A third-party validated SBOM
Discrepancies between the two will be flagged by AI for further risk analysis. SBOMs must provide a complete inventory of software components and dependencies to increase transparency and minimize risk.
To comply:
- Automate SBOM generation and validation as part of your dev cycle.
- Monitor for upcoming DoD RFIs that may detail final requirements.
The DoD is also exploring a standardized SBOM format, possibly modeled after FedRAMP's OSCAL.
The DoD is tightening its supply chain cybersecurity requirements through CMMC, SBOM and the new SWFT framework. These changes affect all vendors in the defense ecosystem. To stay competitive, IT companies must adapt now — invest in certifications, streamline risk management processes, and embrace software transparency. The path to future DoD business runs through compliance, speed and trust.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Toan Le is a Senior Market Insights Analyst on the DLT Market Insights team covering DOD and IC domain-centric trends across the Public Sector.
Related Blog Posts
Federal Fiscal Year End, Market Intelligence
As we enter the final stretch of the federal fiscal year, IT vendors and resellers should prepare for a busy final quarter. Federal agencies are working against the clock to obligate FY25 funds—especially those made available only after Congress passed a continuing resolution (CR) in March. At DLT, we’ve analyzed the landscape to help our vendors and partners navigate this critical period with precision.
Susanna Patten
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Market Intelligence
Since the Department of Veterans Affairs (VA) launched its most recent attempt to modernize its electronic health record (EHR) system in 2020, the initiative has been plagued with numerous setbacks and budget overruns. Given the issues faced, lawmakers recently introduced a new discussion draft of legislation that would increase oversight of the VA’s efforts.
Gabriel Zighelboim
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cloud, Market Intelligence
There have been big changes to federal technology acquisition in the initial months of the Trump administration to streamline procurement and increase competition. In line with these efforts, a bipartisan group of lawmakers, including Senators Elizabeth Warren and Eric Schmitt, introduced a bill to combat market concentration for artificial intelligence (AI) and cloud capabilities in the Department of Defense (DOD).
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Market Intelligence, Member Spotlight
While some people may view curiosity as a personality trait, Susanna Patten sees it as an important strategic asset. In her role as Senior Manager, Market Intelligence at TD SYNNEX Public Sector, she goes beyond analyzing numbers; she uncovers the narrative behind them. By approaching data with a storytelling mindset, she is able to turn information into insight, and insight into impact.
Julie Morris
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Acquisition, GSA, Market Intelligence
In the last week, the General Services Administration (GSA) officially launched the OneGov Strategy — a bold, long-term initiative to modernize the way agencies purchase goods and services, starting with IT.In simple terms: GSA wants to move away from agencies buying software in silos and instead act like one large, coordinated customer. That means better pricing, stronger security and a more efficient process, according to the agency.So what’s changing, and what does it mean for IT resellers and vendors in the public sector?
Susanna Patten
Federal Government, Infrastructure, Market Intelligence, Technology
The White House recently introduced a major change in how the federal government plans to procure goods and services in its ongoing effort to eliminate waste, fraud and abuse. In an Executive Order published on March 20, 2025, it calls for all federal procurement to consolidate under General Services Administration (GSA) management. This essentially centralizes all federal agencies’ purchasing of technology products and services to one agency.
Toan Le
Federal Government, Infrastructure, Market Intelligence, Technology
The White House recently introduced a major change in how the federal government plans to procure goods and services in its ongoing effort to eliminate waste, fraud and abuse. In an Executive Order published on March 20, 2025, it calls for all federal procurement to consolidate under General Services Administration (GSA) management. This essentially centralizes all federal agencies’ purchasing of technology products and services to one agency.
Toan Le
Federal Government, Infrastructure, Market Intelligence, Technology
The White House recently introduced a major change in how the federal government plans to procure goods and services in its ongoing effort to eliminate waste, fraud and abuse. In an Executive Order published on March 20, 2025, it calls for all federal procurement to consolidate under General Services Administration (GSA) management. This essentially centralizes all federal agencies’ purchasing of technology products and services to one agency.
Toan Le
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cybersecurity, Market Intelligence
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
Toan Le
Cybersecurity, Market Intelligence
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
Toan Le
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Market Intelligence, Zero Trust
Workforce Updates and ImplicationsLast month, I discussed workforce reduction as it began to play out across agencies. Since then, we’ve seen an acceleration of additional cuts, as departments have been tasked with providing the White House their intended comprehensive plans for a reduction in force by the week ending March 14, while further federal guidance has more recently directed the Department of Education and VA to lay off additional personnel as well.
Susanna Patten
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia