What's New in Federal IT, CMMC, and SDVOSB Contracting?
Threat intelligence, CMMC guidance, SDVOSB contracting insights, and federal IT research from the TDS-IS analyst desk. Written for federal program managers, contracting officers, prime contractor business development leads, and SDVOSB partners evaluating a subcontractor fit.
What Past Performance Does TDS-IS Bring to Federal IT Acquisitions?
Pillar guide. The full TDS-IS federal and SLED past-performance portfolio: VA Contract 36C25821P0341 SDVOSB delivery, LFUCG SLED qualification, Montgomery County Fiscal Court same-day response, and verification paths for contracting officers.
Past PerformanceWhat Did TDS-IS Deliver on VA Contract 36C25821P0341?
SDVOSB set-aside firm-fixed-price AV procurement and installation case study at the VA Southern Arizona NW Community-Based Outpatient Clinic. Three offers received under SAP, $32,435.49 obligated, on-time delivery.
Past PerformanceHow Did TDS-IS Qualify Under the Lexington-Fayette Urban County Government Competitive RFP?
Pre-qualified IT consulting and technical services vendor under RFP #5-2021. Five service categories qualified under the Kentucky Model Procurement Code; renewal RFP #12-2026 submitted.
Past PerformanceHow Did TDS-IS Respond to a Montgomery County Courthouse IT Disruption?
Same-day SLED civilian-government incident response in June 2025: Fiscal Court bond approval, courthouse switch deployment, complimentary IT infrastructure assessment, and follow-on managed-IT scoping.
TeamingHow Do Primes Evaluate, Structure, and Contract with an SDVOSB IT Subcontractor?
The pillar guide for prime contractors. Due diligence, NDA vs. Teaming Agreement vs. CTA vs. Joint Venture, SBA affiliation rules, CMMC posture, and Commercially Useful Function compliance.
TeamingNDA vs. Teaming Agreement vs. CTA vs. Joint Venture for SDVOSB Federal Work
A decision guide for primes and SDVOSB IT firms structuring federal teaming relationships. When to use each vehicle, what each one binds you to, and the order in which they are signed.
TeamingSDVOSB Joint Venture Rules Under 13 CFR 125.18
The regulatory deep-dive. Ownership, control, populated versus unpopulated JVs, the three-in-two rule, the 40% performance-of-work requirement, and the Mentor-Protege exception.
CMMCWhich C3PAOs Are on the Cyber AB Marketplace? A Practical Guide for SDVOSB Contractors
Where to find the authoritative marketplace, what authorization tiers actually mean, the six selection criteria that matter, and the ten questions to ask before signing a C3PAO engagement letter.
TeamingHow an SDVOSB IT Firm Should Approach VA IT IDIQ Prime Awardees
A targeting framework for SDVOSB IT firms approaching T4NG2-class IDIQ primes. How to identify the right primes, what capability gap to lead with, and what compliance posture is table stakes before the first call.
TeamingDrafting an SDVOSB Sub's Content into a Sources Sought or RFI Response
How primes integrate SDVOSB IT subcontractor content into joint capability responses. Attribution, capability framing, CUF-compliant scoping language, and a pre-send checklist.
CMMCCMMC Compliance for Small Defense Contractors: The Complete Guide
Everything small defense primes and SDVOSB subcontractors need to know about CMMC Level 2: the 110 controls, four implementation phases, SSP documentation, and C3PAO assessment preparation.
SDVOSBSDVOSB Federal IT Contracting: The Definitive Guide for Government Buyers and Teaming Partners
What SDVOSB certification actually means, how the VA Veterans First mandatory source preference works, what federal buyers evaluate beyond the certificate, and teaming agreement structures.
Threat IntelNation-State Tradecraft in Our Honeypot: Why Federal Buyers Should Care About Commercial Threat Intel
A three-year-old Go-based SSH campaign operating from unrouted address space installs immutable backdoors with zero antivirus detection. Six sessions in seven days — here is why it matters for CMMC Level 2 primes.
SDVOSBSDVOSB Set-Asides and the Capability Gap: What Federal Buyers Actually Need From Managed IT Subs
The Veterans Benefits Act mandatory source preference makes SDVOSB status valuable, but capability gaps kill contracts faster than certification lapses. What federal buyers really evaluate.
CMMCThe CMMC Timeline Most Small Primes Are Underestimating
The DoD CMMC Final Rule went effective November 10, 2025, with a phased rollout through 2028. Small primes treating CMMC as a 2027 problem are already behind. Here is the real timeline.
Threat IntelWhat 21 Days of Honeypot Attacks Taught Us About SSH Persistence and NIST 800-171 Compliance
21 distinct attack campaigns over three weeks. The recurring pattern across SSH persistence attacks maps directly onto NIST SP 800-171 gaps most small defense primes have never closed.
AI GovernanceHow We Built an AI-Augmented MSP Without Exposing Controlled Unclassified Information to Public AI Services
Most MSPs are piping customer data into public AI services with zero thought about CUI, ITAR, or supply chain exposure. The separation of concerns that makes AI tooling defensible for federal workloads.
No articles in this category yet. Check back soon.