What's New in Federal IT, CMMC, and SDVOSB Contracting?
Threat intelligence, CMMC guidance, SDVOSB contracting insights, and federal IT research from the TDS-IS analyst desk. Written for federal program managers, contracting officers, prime contractor business development leads, and SDVOSB partners evaluating a subcontractor fit.
CMMC Compliance for Small Defense Contractors: The Complete Guide
Everything small defense primes and SDVOSB subcontractors need to know about CMMC Level 2: the 110 controls, four implementation phases, SSP documentation, and C3PAO assessment preparation.
SDVOSBSDVOSB Federal IT Contracting: The Definitive Guide for Government Buyers and Teaming Partners
What SDVOSB certification actually means, how the VA Veterans First mandatory source preference works, what federal buyers evaluate beyond the certificate, and teaming agreement structures.
Threat IntelNation-State Tradecraft in Our Honeypot: Why Federal Buyers Should Care About Commercial Threat Intel
A three-year-old Go-based SSH campaign operating from unrouted address space installs immutable backdoors with zero antivirus detection. Six sessions in seven days — here is why it matters for CMMC Level 2 primes.
SDVOSBSDVOSB Set-Asides and the Capability Gap: What Federal Buyers Actually Need From Managed IT Subs
The Veterans Benefits Act mandatory source preference makes SDVOSB status valuable, but capability gaps kill contracts faster than certification lapses. What federal buyers really evaluate.
CMMCThe CMMC Timeline Most Small Primes Are Underestimating
The DoD CMMC Final Rule went effective November 10, 2025, with a phased rollout through 2028. Small primes treating CMMC as a 2027 problem are already behind. Here is the real timeline.
Threat IntelWhat 21 Days of Honeypot Attacks Taught Us About SSH Persistence and NIST 800-171 Compliance
21 distinct attack campaigns over three weeks. The recurring pattern across SSH persistence attacks maps directly onto NIST SP 800-171 gaps most small defense primes have never closed.
AI GovernanceHow We Built an AI-Augmented MSP Without Shipping Controlled Unclassified Information to OpenAI
Most MSPs are piping customer data into cloud AI services with zero thought about CUI, ITAR, or supply chain exposure. The separation of concerns that makes AI tooling defensible for federal workloads.
No articles in this category yet. Check back soon.