Semperis Government Solutions and Carahsoft Technology have announced that the Semperis Identity Resilience Platform is now available through Carahsoft’s SEWP V and ITES-SW2 contract vehicles. For government agencies navigating an intensifying wave of identity-targeted cyberattacks, this is not a routine procurement update. It is a direct acceleration of access to identity threat detection, automated recovery, and Active Directory resilience capabilities at a moment when nation-state threat groups are actively targeting hybrid identity systems across the public sector. The procurement path is now cleared. The question is how fast agencies move.
What Happened: Semperis Identity Resilience Platform Joins SEWP V and ITES-SW2
Semperis Government Solutions has been added to two of the most widely used federal procurement contract vehicles Carahsoft’s SEWP V and ITES-SW2 making the Semperis Identity Resilience Platform directly accessible to federal, state and local governments, and educational institutions without the delay of individual contract negotiations.
What this procurement addition unlocks for government agencies:
- Direct access to Semperis’ full identity-driven cyber resilience portfolio through established contract vehicles
- Identity Threat Detection and Response capabilities designed specifically for hybrid identity environments
- Automated Active Directory hardening and malware-free recovery compressing recovery time from days or weeks down to minutes or hours
- Identity Forensics and Incident Response services for post-attack analysis and reinfection prevention
- Crisis-response tools covering the full identity attack lifecycle before, during, and after a cyberattack
- Integration with Cohesity for automated malware-free backups, immutable air-gapped storage, and simplified management
The platform is already in use by agencies including the U.S. Department of War, with the contract vehicle addition designed to streamline access for a broader range of public sector organizations.
Why This Matters
This announcement lands at a moment when the public sector’s identity security problem has moved from a known risk to an active operational crisis.
Nation-state threat groups have identified hybrid identity systems and Active Directory specifically as the highest-leverage target in government environments. A compromised identity solution is not only about compromising data; it can lead to the disruption of essential systems, government operations, and recovery time that may span days or even weeks without adequate resources. That is not an acceptable outcome for agencies running essential public infrastructure.
Three forces are making this contract vehicle addition strategically significant right now:
- Nation-state attacks on government identity systems are intensifying and becoming more sophisticated. The shift to hybrid work, cloud adoption, and expanded digital government services has enlarged the identity attack surface in ways that legacy identity tools were not designed to defend. Threat groups are exploiting this gap with “low and slow” identity abuse techniques designed to evade standard detection.
- Federal mandates are forcing identity security investment. Zero Trust architecture requirements, ICAM program mandates, and NIST Cybersecurity Framework operationalization are all pushing government agencies toward structured identity security investments. Having Semperis available on contract vehicles removes the procurement friction that has historically slowed these investments down.
- Recovery speed is now a mission continuity issue, not just a security metric. The difference between recovering Active Directory in minutes versus days is not an IT performance metric in a government context it is the difference between continuity of public services and a cascading operational failure. Agencies that cannot recover identity systems rapidly are accepting a risk that federal oversight bodies are increasingly unwilling to tolerate.
Voice From the Field
“Cyber resilience is now a core priority. Securing and rapidly recovering malware-free Active Directory in minutes to hours versus days to weeks is a necessity for reducing cyber risk and improving business continuity.” Randall Belknap, General Manager of Federal, Semperis
“Through our SEWP V and ITES-SW2 contracts, government agencies can more easily access Semperis’ solutions to strengthen their identity systems and better defend against evolving threats. The company’s platform enables agencies to enhance cyber resilience by protecting against cyberattacks, data breaches and operational errors.” Brian O’Donnell, Vice President of Cybersecurity Solutions, Carahsoft
These statements reflect something that public sector security leaders are already feeling directly the window for treating identity resilience as a future roadmap item has closed. It is a present operational requirement.
Impact on Buyers
This development creates three distinct pressure points for public sector security and IT leaders:
1. Risk Exposure, What Is Actually at Stake
Hybrid identity systems sit at the center of every government agency’s operational infrastructure. Email, collaboration tools, mission-critical applications, privileged access all of it flows through identity. When nation-state threat groups target these systems using low-and-slow attack techniques designed to avoid detection, the exposure window can stretch for weeks before discovery. And when compromise is confirmed, agencies without purpose-built recovery capability face extended outages that go far beyond a security incident they become public service failures with political and regulatory consequences.
2. Operational Pressure, What Agency Security Teams Are Being Asked to Deliver
Federal, state, and local agency security teams are simultaneously being asked to implement Zero Trust architecture, operationalize ICAM programs, comply with NIST Cybersecurity Framework requirements, and defend against an escalating volume of identity-targeted attacks often with constrained budgets and limited specialist headcount. The SEWP V and ITES-SW2 contract vehicle availability removes one of the most common operational bottlenecks: procurement cycle time. Agencies that have been building the business case for identity resilience investment can now move faster.
3. Budget Implication Where Public Sector Identity Security Spending Is Heading
Contract vehicle availability on SEWP V and ITES-SW2 is a leading indicator of procurement momentum. When a platform with this level of specificity identity threat detection, automated AD recovery, forensics, and crisis response in a single portfolio becomes directly accessible through established vehicles, budget conversations that were in planning stages accelerate to active procurement discussions. Identity security is already a mandated priority across federal frameworks. The friction has been procurement speed, not intent.
Demand Signal
This contract vehicle addition is a direct trigger for accelerated buying in the following categories:
| Category | Why Demand Is Moving Now |
|---|---|
| Identity Threat Detection and Response (ITDR) | Nation-state targeting of hybrid identity systems is forcing ITDR from optional to mandatory across public sector environments |
| Active Directory Security and Recovery | AD remains the primary target in government identity attacks purpose-built recovery capability is now a mission continuity requirement |
| Zero Trust Identity and ICAM Programs | Federal Zero Trust mandates and ICAM requirements are creating structured procurement demand that contract vehicle availability now accelerates |
| Identity Forensics and Incident Response | Post-attack reinfection prevention requires forensic capability that general IR tools do not provide for identity-specific compromise scenarios |
| Cyber Resilience Platforms for Government | Full-lifecycle identity coverage before, during, and after attack is emerging as the evaluation standard for public sector identity security procurement |
What Public Sector Security Leaders Should Do
In the Next 30 Days:
- Confirm whether your agency’s current identity security stack includes purpose-built Active Directory detection and recovery capability or whether AD resilience is being handled by general backup tools not designed for malware-free recovery
- Assess your current mean time to recover identity systems following a compromise scenario and benchmark it against the minutes-to-hours standard that mission continuity now requires
- Review your agency’s Zero Trust and ICAM program roadmap against the identity resilience capabilities now available through SEWP V and ITES-SW2 contract vehicles
Between 30 and 60 Days:
- List out the identity attacks in your hybrid infrastructure that the existing systems cannot detect slow identity attacks need custom behavior detection capabilities, not perimeter-based detection mechanisms
- Engage your procurement and contracting teams on SEWP V and ITES-SW2 vehicle eligibility to accelerate the path from evaluation to deployment for identity resilience tools
- Conduct a tabletop exercise specifically focused on identity system compromise and recovery and document the gaps between your current recovery capability and mission continuity requirements
Between 60 and 90 Days:
- Develop an identity resilience approach that explicitly states what the identity lifecycle protection process will entail in terms of pre-incident resilience, resilience management during the incident, and resilience post-incident
- Establish immutable, air-gapped backup capability for identity systems as a baseline infrastructure requirement rather than an advanced option
- Align identity security investment with agency-level cyber resilience reporting to ensure identity program maturity is visible at the leadership level and reflected in budget planning cycles
CyberTech Intelligence POV
At CyberTech Intelligence, this contract vehicle addition reflects a procurement reality that public sector security leaders need to act on quickly:
The mandate for identity security in government environments already exists. The procurement path is now clear. What remains is execution speed and that is where agencies will differentiate their risk posture.
Nation-state threat groups are not waiting for procurement cycles to complete. They are actively targeting hybrid identity systems using techniques designed to operate below the detection threshold of legacy tools for weeks before triggering any response. The agencies that move from awareness to active deployment of purpose-built identity resilience capability in the next one to two quarters will be materially better positioned than those still working through internal approval processes when an incident occurs.
Demand is not created. It is triggered by risk, urgency, and market events.
The combination of nation-state attack intensity, federal identity security mandates, and newly streamlined contract vehicle access is one of the clearest near-term procurement signals in the public sector security market. The organizations and vendors that recognize and move on this signal now will convert it into deployed capability. Those that treat it as a vendor announcement will be reacting to an incident before they finish the evaluation.
Who Should Care
| Role | Why This Is Directly Relevant |
|---|---|
| Federal and Agency CISOs | Identity system compromise is the highest-impact attack scenario in government environments full-lifecycle resilience is now a mission continuity requirement |
| ICAM and Identity Program Leaders | Zero Trust and ICAM mandates require identity security investments that SEWP V and ITES-SW2 availability now makes faster to procure and deploy |
| IT and Infrastructure Leaders | Active Directory recovery speed is a mission continuity metric current general backup tools are not designed for malware-free identity system recovery |
| GRC and Compliance Teams | NIST CSF operationalization, Zero Trust architecture requirements, and federal oversight pressure all point directly to identity resilience program investment |
| Procurement and Contracting Officers | SEWP V and ITES-SW2 contract vehicle availability removes the primary procurement barrier for agencies with active identity security budget authority |
Public sector identity security budgets are moving now, driven by nation-state attack intensity, federal Zero Trust and ICAM mandates, and contract vehicle availability that removes the procurement friction that has historically slowed these investments.
See where your pipeline is exposed
Cyber resilience demands smarter investment decisions, not just stronger defenses.
Discover the KPIs top enterprises use to govern, benchmark and optimize total spend with native AI.
Get the Coupa Benchmark Report
Source :– semperis.com
Recommended Cyber Technology News :
- Palo Alto Networks Warns of Critical PAN-OS Flaw Allowing Unauthenticated Root Access
- CrowdStrike AI Security Expansion: What It Means for CISOs, AI Risk & Security Budgets
- KnowBe4 AI Security Training Launch: Why CISOs Are Investing in Human Risk Management
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
