From Mandate to Action: Automating Federal Software Supply Chain Compliance

The Mission: Accelerate Delivery While Mastering Federal Mandates

Federal agencies and defense contractors are navigating a complex regulatory landscape, from the security-by-design requirements of EO 14028 to the rigorous audit standards of CMMC 2.0. As compliance burdens like NIST SP 800-218 (SSDF) and OMB Memo M-22-18 grow, engineering teams need a way to automate security without stalling the mission.

In this session, Brian Mikkelsen (VP of Public Sector, JFrog) and Sudhindra Rao (Senior Strategic Solution Architect, JFrog) demonstrate how to transform compliance from a manual bottleneck into an automated, frictionless part of your DevSecOps pipeline. Presented in partnership with Carahsoft, this webinar explores how automated DevSecOps guardrails accelerate your ATO (Authority to Operate).

What We Covered

  • Automated Mandate Alignment: How to operationalize EO 14028 and SSDF through automated, machine-readable SBOMs for every build.
  • Contextual Remediation: Using JFrog’s advanced scanning to identify which CVEs are truly exploitable, reducing developer fatigue and “noise.”
  • Governance at Scale: Implementing policy-driven guardrails that satisfy CMMC 2.0 and OMB M-22-18 requirements without manual intervention.
  • The Hardened Software Factory: Strategies for securing the full binary lifecycle to ensure only vetted, compliant code reaches production.

Watch the replay and learn more about JFrog for Public Sector.
