October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.

CMMC 2.0

The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.

In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.

The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:

In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.

The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.

The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.

The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.

This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.  

To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.

In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).