DoDIN APL Day Agenda 2025

Moderator: Diane Hahn Bellegarde, President & CEO, SoundWay

09:00 | Navigating the Pitfalls on the Path to DoDIN APL Certification (Y20a) Jeremy Duncan, Managing Partner, Tachyon Dynamics
This talk covers common administrative, logistical, and technical pitfalls in achieving certification, offering valuable insights for both new and experienced vendors to streamline their path to approval.

09:30 | Planning for the Next-Gen of Government IT (Y20b) Chip Daniels, VP of Strategy and Operations, SolarWinds
Government IT systems must adapt to meet emerging demands while maintaining strict security and compliance standards. This talk explores strategies for planning and deploying next-generation IT solutions within the Department of Defense, with a focus on navigating DoDIN APL requirements.

10:00 | Post-Quantum Cryptography and DoDIN Certification (Y20c) Stiepan Kovac, Quantum Resistant Cryptography
This talk explores the impact of post-quantum cryptography (PQC) on the DoDIN APL certification process, with insights into emerging PQC standards, how they align with current DoDIN requirements, and strategies for integrating quantum-resistant algorithms into products seeking certification.

Moderator: Robert Teague, Director CMMC Services, Redspin

11:00 | APL Pitfalls—Why Vendors Enter the DoDIN APL Process and Fail and How to Avoid These Issues (Y21a) Kathleen Moyer, Director of Service Delivery, Corsec Security
This talk covers common pitfalls vendors face during the certification journey—from technical non-conformities to documentation errors—and provides practical guidance on how to avoid them. Learn from real-world examples and gain strategies to streamline your path to APL approval, saving time, resources, and frustration.

11:30 | Optimizing Compliance: Streamlining Security and Certification Readiness (Y21b) Shashi Karanam, Senior Manager, Cybersecurity GRC, Comcast
In today’s fast-changing regulatory landscape, continuous compliance is key. This session explores how proactive security assessments and early compliance planning can help vendors streamline certification processes and meet security and interoperability requirements efficiently.

12:00 | Preparing for the DoDIN APL Testing Process (Y21c) Herbert Markle, CC Technical Director and Lead DoDIN APL Consultant, Booz Allen Hamilton
As one prepares a product for the DoDIN APL process there are some things that can be accomplished ahead of time to help make the testing experience better. This talk will focus on upfront planning, lessons learned, and long term planning.

Moderator: Diane Hahn Bellegarde, President & CEO, SoundWay

13:30 | Software Acquisition Guide for Government Enterprise Consumers (Y22a) Sridhar Balasubramanian, Principal Product Security Architect, NetApp, Inc.
This talk explores how the Software Acquisition Guide helps procurement teams assess suppliers’ cybersecurity practices across the software lifecycle—covering development, supply chains, deployment, and vulnerability management.

14:00 | Your Data Their Target (Y22b) Westley McDuffie, Security Evangelist, IBM
This talk highlights how leveraging Intelligence Preparation of the Battlespace (IPB) enables proactive defense—understanding threats, predicting adversary moves, and securing critical information to maintain cyber superiority.

14:30 | A Novel Approach to Reducing Costs (Y22c) Nik Pruthi, President, NIKSUN
A novel approach to reducing compliance and certification costs while simultaneously decreasing your attack surface, improving reliability, and enhancing interoperability.

Moderator: Shrav Mehta, CEO, Secureframe

15:30 Secure, Operate, Defend: Developing for the APL; Planning for Adoption (Y23a) Joshua Fallon, Senior Network Defense Analyst Monitoring & Response Directorate CERT Division, Carnegie Mellon University Software Engineering Institute
This talk explores strategies for managing products throughout their lifecycle to maintain compliance, address evolving security requirements, and ensure continued alignment with DoDIN standards.

16:00 | DISA’s Cybersecurity Pivot: From APL to STIGs—Redefining Trust in the DoDIN (Y23b) Leader: Herbert Markle, CC Technical Director and Lead DoDIN APL Consultant, Booz Allen Hamilton; Panelists: Bill Shelton, Program Director- Certifications, SDL, SBOM, Juniper Networks; Westley McDuffie, Security Evangelist, IBM, Jeremy Duncan, Managing Partner, Tachyon Dynamics

The DoD has announced a plan to sunset its longstanding Approved Products List (APL) program by September 30, 2025. The Defense Information Systems Agency (DISA) and Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN) are leading a sweeping modernization of the validation process for cybersecurity and interoperability within DoDIN. This panel explores the shifting priorities and strategic imperatives that are driving this change—from focusing on interoperability certification under the APL to emphasizing cyber-readiness through the DISA Vendor STIG (Security Technical Implementation Guides) program.

Panelists will examine the transition’s impact on product vendors, integrators, and DoD procurement and authorization stakeholders, while highlighting the broader shift toward proactive cyber deterrence, persistent modernization, and unified mission readiness. Attendees will hear from leaders with insights on policy and implementation, and gain practical understanding of how the Unified Capabilities Requirements (UCR), vendor STIG development, and DoDI 8100.04 updates will define the next era of trusted technology integration in national defense infrastructure.

Key Topics for Discussion:
End of the APL Era: What the sunset of the APL program means for vendors and programs already in the pipeline.
Cybersecurity Compliance via STIGs: How vendor-created STIGs will shape future DoD cybersecurity assurance processes.
Interoperability Enforcement through Contracts: Understanding the new role of UCR compliance and acquisition enforcement.
DISA & JFHQ-DODIN’s Strategic Priorities: Aligning with Gen. Paul Stanton’s vision of readiness, campaigning, modernization, and cyber lethality.
Policy and Program Updates: What to expect from the revised DoDI 8100.04 and how the Fulcrum Strategy supports evolving interoperability needs.
Transition Guidance and Deadlines: Clarity on key dates, artifact continuity, and expectations for products in transition.
Collaborating with DoD CIO and Combatant Commands: How industry can proactively align with the changing threat environment and mission support needs.