Cybersecurity in 2025: A Cheat Sheet
October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.
CMMC 2.0
The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.
Last December, a final rule was passed establishing the CMMC program framework. In order to enforce CMMC in contracts, however, an Amendment of Title 48 CFR, CMMC clause (DFARS 252.204‑7021) needed to be cleared by OMB-OIRA (Office of Management and Budget and the Office of Information and Regulatory Affairs). That clearance happened in September, setting the course for CMMC inclusions in contracts beginning this November.
The framework has three levels, depending on the sensitivity of information handled:
- Level 1: Self-assessed for basic contracts with Federal Contract Information (FCI).
- Level 2: Third-party assessment for contracts involving Controlled Unclassified Information (CUI).
- Level 3: DoD-led assessments for the highest-sensitivity programs.
While not every solicitation will include CMMC clauses immediately as we’ll see it just beginning in November, contractors should expect them to appear first in high-priority and sensitive acquisitions. This marks a clear shift from preparation to enforcement.
FAR Rule: CUI
In mid-January 2025, the DoD, GSA and NASA introduced a proposed FAR rule to standardize the handling of Controlled Unclassified Information (CUI). The rule implements NARA’s CUI program across all agencies, closing long-standing gaps. For contractors, this means more consistent and established expectations for safeguarding, marking, and documenting CUI.
The FAR is currently undergoing an overhaul as various portions are modified on a rolling basis. IT companies will want to keep pace with any changes, especially as it relates to cybersecurity protocols and procedures, through updates at www.acquisition.gov.
Executive Order 14306
In June, President Trump released the Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13964 and Executive Order 14144. This EO rescinded prior cybersecurity directives, including pausing software attestation requirements tied to the Secure Software Development Framework (SSDF). The EO also emphasizes a push toward government leaning on industry to develop cybersecurity practices in concert with agencies, as opposed to solely a government directive.
Vulnerability Disclosure Policy Momentum
Another development to continue watching is the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, introduced and passed in the House in March, then reintroduced again in May awaiting final Congressional approval. The bill would require contractors above the simplified acquisition threshold, or those operating federal information systems, to establish Vulnerability Disclosure Policies (VDPs) aligned with NIST guidance. The legislation has not yet been enacted, but it does reflect a growing expectation across government that vendors should proactively identify, disclose, and remediate vulnerabilities. IT companies that adopt VDPs now will be better positioned to meet future requirements and demonstrate maturity in their cybersecurity posture.
Zero Trust and AI
Zero Trust and AI are their own behemoths of topics, and they provide the undercurrent of discussion surrounding cybersecurity as well. DoD agencies are holding steady to the 2027 deadline of zero trust protocols and standards being implemented, and AI technology is certainly finding a home at the intersection of what it may offer to aid in streamlining more security developments. Threat detection, automated incident response, monitoring, reporting and vulnerability assessments are all areas of opportunity continuing to gain speed across federal agencies.
2025 was the year cybersecurity requirements quickly became more engrained. Agencies are no longer signaling intent, but enforcing compliance. IT vendors and partners that invest now in gap assessments and proactive vulnerability management will be positioned to win as we head into FY26 and beyond.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Susanna Patten is a senior manager on the TD SYNNEX Public Sector Market Insights team covering tech trends across the Public Sector. Susanna has over 15 years of experience in public sector IT procurement. Her responsibilities at TD SYNNEX Public Sector include driving market intelligence asset production, ensuring the quality and relevance of deliverables from the Market Insights team, and aligning these insights with sales opportunities.
Related Blog Posts
Federal Fiscal Year End, Federal Government, Market Intelligence, Technology
At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.
Susanna Patten
AI, Federal Government, IT Perspective, Market Intelligence, News, State & Local Government, Technology
The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.
Yvonne Maffia
AI, Market Intelligence, State & Local Government, Technology
On July 23, 2025, the Trump administration released an AI Action Plan, highlighting 90 federal policy directives across three key pillars: Accelerating Innovation, Building American AI Infrastructure and Leading in International Diplomacy and Security. The Plan also supports the tenants of the President’s earlier January 23, 2025, Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence.”
Yvonne Maffia
AI, Cloud, Federal Government, Market Intelligence, Technology, Zero Trust
In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
The Department of Defense (DoD) Defense Innovation Unit (DIU) recently introduced the Digital OnRamp Platform, designed to connect private sector organizations with DoD opportunities. It’s scheduled for release in the fall of 2025, and leverages advanced AI and large language model (LLM) technologies to simplify and enhance the process of matching private sector capabilities with defense needs
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Federal Fiscal Year End, Market Intelligence
As we enter the final stretch of the federal fiscal year, IT vendors and resellers should prepare for a busy final quarter. Federal agencies are working against the clock to obligate FY25 funds—especially those made available only after Congress passed a continuing resolution (CR) in March. At DLT, we’ve analyzed the landscape to help our vendors and partners navigate this critical period with precision.
Susanna Patten
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Market Intelligence
Since the Department of Veterans Affairs (VA) launched its most recent attempt to modernize its electronic health record (EHR) system in 2020, the initiative has been plagued with numerous setbacks and budget overruns. Given the issues faced, lawmakers recently introduced a new discussion draft of legislation that would increase oversight of the VA’s efforts.
Gabriel Zighelboim
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cloud, Market Intelligence
There have been big changes to federal technology acquisition in the initial months of the Trump administration to streamline procurement and increase competition. In line with these efforts, a bipartisan group of lawmakers, including Senators Elizabeth Warren and Eric Schmitt, introduced a bill to combat market concentration for artificial intelligence (AI) and cloud capabilities in the Department of Defense (DOD).
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Market Intelligence, Member Spotlight
While some people may view curiosity as a personality trait, Susanna Patten sees it as an important strategic asset. In her role as Senior Manager, Market Intelligence at TD SYNNEX Public Sector, she goes beyond analyzing numbers; she uncovers the narrative behind them. By approaching data with a storytelling mindset, she is able to turn information into insight, and insight into impact.
Julie Morris
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.
Yvonne Maffia
Acquisition, GSA, Market Intelligence
In the last week, the General Services Administration (GSA) officially launched the OneGov Strategy — a bold, long-term initiative to modernize the way agencies purchase goods and services, starting with IT.In simple terms: GSA wants to move away from agencies buying software in silos and instead act like one large, coordinated customer. That means better pricing, stronger security and a more efficient process, according to the agency.So what’s changing, and what does it mean for IT resellers and vendors in the public sector?
Susanna Patten
Federal Government, Infrastructure, Market Intelligence, Technology
The White House recently introduced a major change in how the federal government plans to procure goods and services in its ongoing effort to eliminate waste, fraud and abuse. In an Executive Order published on March 20, 2025, it calls for all federal procurement to consolidate under General Services Administration (GSA) management. This essentially centralizes all federal agencies’ purchasing of technology products and services to one agency.
Toan Le
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cybersecurity, Market Intelligence
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
Toan Le
Cybersecurity, Market Intelligence
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
Toan Le
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Market Intelligence, Zero Trust
Workforce Updates and ImplicationsLast month, I discussed workforce reduction as it began to play out across agencies. Since then, we’ve seen an acceleration of additional cuts, as departments have been tasked with providing the White House their intended comprehensive plans for a reduction in force by the week ending March 14, while further federal guidance has more recently directed the Department of Education and VA to lay off additional personnel as well.
Susanna Patten
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
AI, Cybersecurity, Market Intelligence
The Army is moving fast to stay ahead in the digital battlefield. To make this happen, it is driving modernization initiatives to boost operational effectiveness and strengthen national security with a comprehensive IT modernization strategy. If you're in IT sales, knowing what the Army is focusing on can help you tailor your solutions to their needs and effectively establish a trusting partnership in the long run. Let's examine the top five IT modernization initiatives that are shaping the Army's 2025 vision and see how your tech solutions can help.
Toan Le
AI, Cybersecurity, Market Intelligence
The Army is moving fast to stay ahead in the digital battlefield. To make this happen, it is driving modernization initiatives to boost operational effectiveness and strengthen national security with a comprehensive IT modernization strategy. If you're in IT sales, knowing what the Army is focusing on can help you tailor your solutions to their needs and effectively establish a trusting partnership in the long run. Let's examine the top five IT modernization initiatives that are shaping the Army's 2025 vision and see how your tech solutions can help.
Toan Le
Federal Government, Market Intelligence
We’re now a month into the Trump Administration, and one prevailing theme we’ve seen take hold is that of workforce reduction, in effort according to officials, to maximize long-term efficiency and align to the new Administration’s priorities. For more on the initially announced fed-wide reductions, see my previous blog. The DoD has recently noted it is aiming to reduce its civilian workforce by 5 to 8 percent, including 5,400 probationary defense employee lay-offs.
Susanna Patten
Big Data, Big Data & Analytics, Cybersecurity, Market Intelligence, State & Local Government, Technology
The Center for Digital Government’s 2025 Beyond the Beltway Market Briefing event took place in Mclean, VA last week where state and local government leaders shared insights into top technology priorities for 2025.Some of the key topics of discussion were the 2025 state and local market outlook, the potential impact of the new administration on government technology, emerging technologies such as AI, the foundational role of data, the evolving cybersecurity landscape and modernization and the customer experience.
Yvonne Maffia
Big Data, Big Data & Analytics, Cybersecurity, Market Intelligence, State & Local Government, Technology
The Center for Digital Government’s 2025 Beyond the Beltway Market Briefing event took place in Mclean, VA last week where state and local government leaders shared insights into top technology priorities for 2025.Some of the key topics of discussion were the 2025 state and local market outlook, the potential impact of the new administration on government technology, emerging technologies such as AI, the foundational role of data, the evolving cybersecurity landscape and modernization and the customer experience.
Yvonne Maffia
Federal Government, Market Intelligence
Federal agencies across all areas of government have been contemplating workforce challenges for several years now. Prior to 2025, concerns for federal employees chiefly included maintaining an appropriate number of personnel with many aging out and retiring from the workforce, in addition to obtaining and retaining new talent that fit the ever-increasing technological needs of advanced and emerging IT given the competitive salary requirements for some of the field’s best and brightest.
Susanna Patten
IT Perspective, Market Intelligence, State & Local Government, Technology
Numerous cities in the United States struggle with wastewater issues. Many cities’ systems are designed to accommodate smaller populations, and historical rainfall patterns are increasingly prone to causing overflows – where wastewater spills into drinking water sources, streets and homes. And many cities utilize mostly combined wastewater systems where wastewater and rainwater both drain through the same infrastructure, creating increased stress on city systems during storms.
Gabriel Zighelboim
Big Data, Cloud, Cybersecurity, Market Intelligence
With any new executive administration, change is inevitable for federal agency priorities. It remains true, however, that departments and agencies consistently rely on IT products and services and historic trends confirm stability in public sector IT spending under both Republican and Democratic administrations. For FY25, much of the spending has already been laid out in the budget and priorities for FY26 are well under way, so you can expect to see little change to agency needs in the very near term.
Gabriel Zighelboim
Big Data, Cloud, Cybersecurity, Market Intelligence
With any new executive administration, change is inevitable for federal agency priorities. It remains true, however, that departments and agencies consistently rely on IT products and services and historic trends confirm stability in public sector IT spending under both Republican and Democratic administrations. For FY25, much of the spending has already been laid out in the budget and priorities for FY26 are well under way, so you can expect to see little change to agency needs in the very near term.
Gabriel Zighelboim
Cybersecurity, Digital Design, Market Intelligence, State & Local Government
On December 12th, 2024, The National Association of State Chief Information Officers (NASCIO) released its 2025 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia
Cybersecurity, Digital Design, Market Intelligence, State & Local Government
On December 12th, 2024, The National Association of State Chief Information Officers (NASCIO) released its 2025 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia