October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.

CMMC 2.0

The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.

At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.

The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.

On July 23, 2025, the Trump administration released an AI Action Plan, highlighting 90 federal policy directives across three key pillars: Accelerating Innovation, Building American AI Infrastructure and Leading in International Diplomacy and Security. The Plan also supports the tenants of the President’s earlier January 23, 2025, Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence.”

In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.

The Department of Defense (DoD) Defense Innovation Unit (DIU) recently introduced the Digital OnRamp Platform, designed to connect private sector organizations with DoD opportunities. It’s scheduled for release in the fall of 2025, and leverages advanced AI and large language model (LLM) technologies to simplify and enhance the process of matching private sector capabilities with defense needs

The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:

As we enter the final stretch of the federal fiscal year, IT vendors and resellers should prepare for a busy final quarter. Federal agencies are working against the clock to obligate FY25 funds—especially those made available only after Congress passed a continuing resolution (CR) in March. At DLT, we’ve analyzed the landscape to help our vendors and partners navigate this critical period with precision.

The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.

Since the Department of Veterans Affairs (VA) launched its most recent attempt to modernize its electronic health record (EHR) system in 2020, the initiative has been plagued with numerous setbacks and budget overruns. Given the issues faced, lawmakers recently introduced a new discussion draft of legislation that would increase oversight of the VA’s efforts.