The Department of Defense is rolling out major updates to strengthen cybersecurity across its entire supply chain. If you provide software, hardware, cloud services, or IT support to the Defense Industrial Base, expect tighter requirements, faster reviews, and zero room for compliance gaps.
These changes directly impact your ability to win, perform, and retain DoD contracts, especially with new initiatives like:
- CMMC 2.0 Level 2 assessments moving to mandatory status in FY25
- SBOM requirements: internal and third-party validated software inventories
- SWFT: a new AI-driven approval process to speed up secure software delivery
The DoD CIO’s strategy is clear: every vendor in the ecosystem must be secure, from primes and subcontractors to MSPs, cloud providers, and COTS software sellers. If you are connected to the mission, you are in scope.
DoD’s Four Strategic Priorities
The DoD CIO outlined four key goals that shape where the ecosystem is headed:
- Centralized cybersecurity coordination, led by the DoD CIO and a dedicated DIB security steering group
- Strengthening the DIB’s cyber posture through programs like CMMC, SWFT, and SBOM
- Improved resource and intelligence sharing to protect critical operations
- Accelerating secure software acquisition using SWFT to reduce bottlenecks and increase readiness
Cybersecurity Maturity Model Certification (CMMC): Mandatory by FY25
CMMC remains the cornerstone of the DoD’s contractor cybersecurity strategy. To date, more than:
- 2,600 Level 1 assessments
- 300 Level 2 assessments
- 65 certified third-party assessor reviews
have already been submitted.
Right now, Level 2 certification is voluntary, but the DoD will make it mandatory by the end of FY25 using a new contract clause. Vendors should begin preparing immediately with:
- Self-assessments
- Gap remediation
- Early engagement with certified third-party assessors
To support small and mid-size IT firms, the DoD and Army are piloting lower-cost compliance pathways such as ENCODE, virtual desktop environments, and simplified cloud options. The Cyber AB is also expanding the CMMC marketplace, giving vendors access to trusted service providers.
Final CMMC rules are expected by late summer 2025 as part of updated DFARS guidance.
Software Fast Track (SWFT): Faster, More Secure Software Approvals
In May 2025, the DoD launched SWFT, a major shift away from slow legacy authorization processes. SWFT is designed to get secure software into the hands of DoD users faster, especially for commercial off-the-shelf solutions.
What makes SWFT different:
- Security reviews happen before approval
- AI-powered anomaly detection rapidly identifies risks
- Less duplication across programs, resulting in shorter deployment timelines
- A clear implementation plan is expected in July 2025
The DoD is actively seeking industry input through a request for information, giving vendors a meaningful opportunity to help shape how future software risk is evaluated.
Software Bill of Materials (SBOM): Transparency and Accountability
As part of SWFT, vendors will be required to submit:
- An internal SBOM
- A third-party validated SBOM
AI will analyze both and flag discrepancies for further review. SBOMs must provide a complete inventory of software components, libraries, and dependencies to reduce hidden risk.
To stay ahead:
- Automate SBOM creation within your development process
- Work with validation partners early
- Watch for upcoming DoD requests for information that will define final requirements
The DoD is also exploring standardized SBOM formats similar to OSCAL to streamline reviews.
What This Means for the Defense Ecosystem
The DoD is setting a higher cybersecurity standard across the entire supply chain. These changes are not optional. Every vendor must demonstrate:
- Strong cybersecurity practices
- Clear software transparency
- Faster and more reliable risk management processes
For companies working in or entering the defense space, compliance is now a competitive advantage. The future of DoD contracting belongs to vendors that can move with confidence, trust, and resilience.
How Caddo Technology Group Supports the Mission
Caddo Technology Group partners with DIB contractors, federal agencies, and small businesses to help them:
- Prepare for CMMC Level 1 and Level 2
- Implement secure cloud and virtual desktop environments
- Build SBOM workflows and automation
- Modernize infrastructure to remain aligned with DoD cybersecurity expectations
We support organizations that want to grow confidently and stay mission-ready in a rapidly changing digital environment.
If your organization needs support navigating CMMC, SBOM requirements, or the new SWFT framework, our team is ready to assist.

