Insights
Threat intelligence, CMMC guidance, SDVOSB contracting insights, and federal IT research from the TDS-IS analyst desk. Written for federal program managers, contracting officers, prime contractor business development leads, and SDVOSB partners evaluating a subcontractor fit.
- CMMC Compliance for Small Defense Contractors: The Complete Guide (CMMC)
  Everything small defense primes and SDVOSB subcontractors need to know about CMMC Level 2: the 110 controls, the four implementation phases, SSP documentation, C3PAO assessment preparation, and the most common gaps assessors find. The authoritative reference for your compliance team.
- SDVOSB Federal IT Contracting: The Definitive Guide for Government Buyers and Teaming Partners (SDVOSB)
  What SDVOSB certification actually means, how the VA Veterans First mandatory source preference works, what federal buyers evaluate beyond the certificate, teaming agreement structures, and how to position an SDVOSB IT subcontractor against CMMC requirements.
- Nation-State Tradecraft in Our Honeypot: Why Federal Buyers Should Care About Commercial Threat Intel (Threat Intel)
  A three-year-old Go-based SSH campaign operating from unrouted address space installs immutable backdoors with zero antivirus detection. We captured six sessions in seven days. Here is why this matters for CMMC Level 2 primes evaluating their subcontractor base.
- SDVOSB Set-Asides and the Capability Gap: What Federal Buyers Actually Need From Managed IT Subs (SDVOSB)
  The Veterans Benefits Act mandatory source preference means SDVOSB status is valuable, but capability gaps kill contracts faster than certification lapses. Here is what federal buyers are really evaluating when they engage an SDVOSB managed IT provider.
- What 21 Days of Honeypot Attacks Taught Us About SSH Persistence and NIST 800-171 Compliance (Threat Intel)
  Our honeypot captured 21 distinct attack campaigns over three weeks. The recurring pattern across SSH persistence attacks maps directly onto NIST SP 800-171 gaps most small defense primes and subs have never closed. Here is the technical walkthrough.
- How We Built an AI-Augmented MSP Without Shipping Controlled Unclassified Information to OpenAI (AI Governance)
  Most MSPs are piping customer data into cloud AI services with zero thought about CUI, ITAR, or supply chain exposure. We built a different architecture. Here is the separation of concerns that makes AI tooling defensible for federal workloads.
- The CMMC Timeline Is Real: What Small Primes and Subs Need to Do Before Q4 2026 (CMMC)
  CMMC Level 2 assessments are no longer optional for primes handling CUI, and the 32 CFR Part 170 rule locks the timeline. Small defense contractors who started compliance work in 2025 are behind. Here is the practical remediation sequence.