[{"data":1,"prerenderedAt":689},["ShallowReactive",2],{"blog-list":3},[4,181,342,526],{"id":5,"title":6,"author":7,"body":8,"category":164,"date":165,"description":166,"extension":167,"meta":168,"navigation":170,"path":171,"seo":172,"stem":173,"tags":174,"__hash__":180},"blog\u002Fblog\u002Fhow-government-subcontracting-actually-works.md","How Government Subcontracting Actually Works (From a Sub's Perspective)","Ryan Houpt",{"type":9,"value":10,"toc":154},"minimark",[11,15,18,21,24,29,32,35,38,41,45,48,55,61,67,71,74,77,80,83,86,90,93,99,105,111,117,121,124,127,130,134,137,140,143],[12,13,14],"p",{},"Every article about government subcontracting reads like it was written by someone who has never actually been a sub.",[12,16,17],{},"They'll tell you to \"register on SAM.gov\" and \"attend industry days.\" They'll mention the FAR and cite subcontracting plan requirements. And then they'll wrap up with something about \"building relationships with prime contractors\" like that's a step you can just check off a list on a Tuesday afternoon.",[12,19,20],{},"Here's what they don't tell you: the actual mechanics of how money, work, and trust flow between a prime and a sub. The stuff that matters when you're a 5-person IT shop trying to land your first government subcontract.",[12,22,23],{},"We're Korebase. We're a small custom software development and AI consulting company in San Antonio, and we're building our government contracting business right now. Not from the prime's perspective. From ours.",[25,26,28],"h2",{"id":27},"the-basic-structure-most-people-get-wrong","The Basic Structure Most People Get Wrong",[12,30,31],{},"A government subcontract is not a mini version of a prime contract. It's a commercial agreement between two private companies — the prime and the sub — that happens to exist because the prime holds a government contract.",[12,33,34],{},"The government isn't your customer. The prime is. The government doesn't pay you. The prime pays you. The government probably doesn't even know your name unless you're listed in the subcontracting plan.",[12,36,37],{},"This distinction matters because it changes how you operate. Your proposal doesn't go to a contracting officer. It goes to a program manager at Booz Allen or Leidos or whoever holds the prime. Your invoices go to the prime's accounts payable, not the government's. Your deliverables get reviewed by the prime's technical lead, not the COR.",[12,39,40],{},"The relationship that matters most isn't with the agency. It's with the prime contractor sitting between you and the mission.",[25,42,44],{"id":43},"how-a-sub-actually-gets-selected","How a Sub Actually Gets Selected",[12,46,47],{},"Forget the theory. Here's how it actually happens in most cases:",[12,49,50,54],{},[51,52,53],"strong",{},"Scenario 1: The prime is bidding on a new contract and needs your NAICS code or certification.","\nPrimes have mandatory small business subcontracting goals. On any contract over $900K, they need to show they're giving work to small businesses. If you're 8(a), HUBZone, or SDVOSB, you're not just helpful — you're required. The prime's capture team reaches out months before the proposal is due. You contribute a past performance write-up, key personnel resumes, and a rate sheet. If they win, you're on the team.",[12,56,57,60],{},[51,58,59],{},"Scenario 2: The prime won a contract and needs specific technical skills.","\nThey have 30 days to staff a position. Their bench is empty. They need a senior .NET developer or someone who can implement NIST 800-171 controls. They go to SAM.gov, search your NAICS codes, check your website, and call. This is where having a real website with clear capabilities and a downloadable capability statement matters. They're evaluating you in 15 minutes. If they can't find what they need on your site, they move to the next company in the list.",[12,62,63,66],{},[51,64,65],{},"Scenario 3: You met someone at an industry day and they remembered you.","\nThis one takes 6-12 months but produces the best relationships. You had a real conversation. You followed up. You sent a capability statement. Three months later they're putting a team together and your name comes up. Relationships close deals in GovCon. Everything else gets you on the list.",[25,68,70],{"id":69},"the-money-what-nobody-talks-about","The Money: What Nobody Talks About",[12,72,73],{},"Let's get specific. You're a software developer billing at $150\u002Fhour on a T&M subcontract.",[12,75,76],{},"Your fully burdened rate — after fringe, overhead, and G&A — might be $150\u002Fhour to the prime. The prime marks that up and bills the government maybe $175-$200. The prime's margin on your work is 15-25%. That's how they make money on the subcontract relationship.",[12,78,79],{},"Here's the part that stings: payment timing. Under the Prompt Payment Act, the government pays the prime within 30 days. The prime is then required to pay you within 7 days of receiving payment. In practice? Budget 45-60 days from invoice to cash in your account. Sometimes longer.",[12,81,82],{},"For a small company, that cash flow gap is real. If you're billing 10 hours a week at $150, that's $6,000\u002Fmonth. But you might not see your first check for 60-90 days after you start working. You need enough runway to absorb that.",[12,84,85],{},"Small business accelerated payments help — there's a provision that requires primes to pay small business subs within 15 days. But enforcing that takes more energy than most small companies have.",[25,87,89],{"id":88},"what-you-actually-need-before-your-first-sub-contract","What You Actually Need Before Your First Sub Contract",[12,91,92],{},"SAM.gov registration with your UEI and CAGE code. That's table stakes. But here's what actually matters:",[12,94,95,98],{},[51,96,97],{},"A real capability statement."," One page. Your CAGE code, UEI, NAICS codes, core competencies, past performance, and differentiators. Primes collect these like business cards. If yours looks like a Word template, it goes in the trash. If it looks professional and specific, it goes in the database.",[12,100,101,104],{},[51,102,103],{},"A website that answers questions in 60 seconds."," What do you do? What's your tech stack? What's your past performance? How do I download your capability statement? A prime's BD lead will give you 60 seconds. Make them count.",[12,106,107,110],{},[51,108,109],{},"DCAA-compliant timekeeping from day one."," This catches people off guard. If you're on a cost-type or T&M subcontract, the prime can flow down DCAA audit requirements. That means daily timekeeping, segregated direct and indirect costs, and defensible billing rates. QuickBooks plus a proper timekeeping tool like Hour Timesheet or PROCAS will run you $4-6K a year. Set this up before you need it.",[12,112,113,116],{},[51,114,115],{},"CMMC readiness."," If you're touching any federal contract information on DoD work, CMMC Level 1 self-assessment is already required. That's 17 security practices, a self-assessment, and an entry in SPRS. Primes are already screening subs for this. It costs $4-6K to implement and a few weeks of effort.",[25,118,120],{"id":119},"the-10-hour-per-week-reality","The 10-Hour-Per-Week Reality",[12,122,123],{},"Most small business subcontracts start small. Maybe 10 hours per week on a single task order. At $150\u002Fhour, that's $78,000 a year from one prime. Not life-changing. But stack three of those and you're at $234,000. Five primes at varying hours and you're clearing half a million.",[12,125,126],{},"The game isn't about landing one massive contract. It's about building a portfolio of steady sub relationships that compound over time. Each one gives you past performance. Each one introduces you to people at other primes. Each one proves you can deliver.",[12,128,129],{},"Year one is about getting on the board. Year two is about scaling. Year three is where it gets interesting.",[25,131,133],{"id":132},"what-were-learning-right-now","What We're Learning Right Now",[12,135,136],{},"We just got our SAM.gov registration done. CAGE code is pending. We're learning every piece of this in real time. And honestly, most of the information out there about government subcontracting is either too high-level to be useful or written by people selling you consulting services.",[12,138,139],{},"So we're going to write about it as we go. The real version. What works, what doesn't, what costs money, and what's a waste of time.",[12,141,142],{},"If you're a small IT company thinking about government contracting, you're not alone. And if you're a prime looking for a sub who actually builds software and shows up — that's us.",[12,144,145,146,153],{},"Check out our capabilities at ",[147,148,152],"a",{"href":149,"rel":150},"https:\u002F\u002Fkorebase.net",[151],"nofollow","korebase.net"," or just reach out. We answer the phone.",{"title":155,"searchDepth":156,"depth":156,"links":157},"",2,[158,159,160,161,162,163],{"id":27,"depth":156,"text":28},{"id":43,"depth":156,"text":44},{"id":69,"depth":156,"text":70},{"id":88,"depth":156,"text":89},{"id":119,"depth":156,"text":120},{"id":132,"depth":156,"text":133},"GovCon Business","2026-03-26","What nobody tells small businesses about working as a government subcontractor. The real process, the real timeline, and the real money — from a company doing it.","md",{"image":169},"\u002Fimages\u002Fblog\u002Fhow-government-subcontracting-actually-works.png",true,"\u002Fblog\u002Fhow-government-subcontracting-actually-works",{"title":6,"description":166},"blog\u002Fhow-government-subcontracting-actually-works",[175,176,177,178,179],"government contracting","subcontracting","small business","prime contractors","GovCon","A6YyjXxsS55f_JY_O76X58WQL62qO6NE5Qu0wX_qIMw",{"id":182,"title":183,"author":184,"body":185,"category":329,"date":330,"description":331,"extension":167,"meta":332,"navigation":170,"path":333,"seo":334,"stem":335,"tags":336,"__hash__":341},"blog\u002Fblog\u002Fai-governance-federal-agencies-nist-rmf.md","AI Governance for Federal Agencies: What NIST AI RMF Means for Your Mission","Korebase Team",{"type":9,"value":186,"toc":323},[187,191,194,198,216,221,226,231,236,240,243,271,275,278,296,299,303,306,309,312],[188,189,183],"h1",{"id":190},"ai-governance-for-federal-agencies-what-nist-ai-rmf-means-for-your-mission",[12,192,193],{},"The NIST AI Risk Management Framework (AI RMF) is not optional anymore. With OMB memoranda M-25-21 and M-25-22 setting expectations for federal AI use, agencies and their contractors need a clear path to compliance. Here is what you need to know.",[25,195,197],{"id":196},"what-the-nist-ai-rmf-actually-requires","What the NIST AI RMF Actually Requires",[12,199,200,201,204,205,204,208,211,212,215],{},"The framework is organized around four functions: ",[51,202,203],{},"Govern",", ",[51,206,207],{},"Map",[51,209,210],{},"Measure",", and ",[51,213,214],{},"Manage",". Each function addresses a different aspect of AI risk.",[12,217,218,220],{},[51,219,203],{}," establishes the organizational structures and policies for AI oversight. This is where most agencies should start — before you build anything, you need to know who is responsible for AI decisions and what rules they follow.",[12,222,223,225],{},[51,224,207],{}," is about understanding the context. What are you using AI for? Who is affected? What could go wrong? This is not theoretical risk assessment — it is a practical inventory of how AI touches your operations.",[12,227,228,230],{},[51,229,210],{}," means quantifying AI system performance, reliability, and fairness. You need metrics, not opinions. How accurate is the system? How often does it fail? Does it perform differently for different populations?",[12,232,233,235],{},[51,234,214],{}," is the ongoing response — what do you do when you find problems? How do you update, retrain, or decommission AI systems that are not performing as expected?",[25,237,239],{"id":238},"the-practical-path-forward","The Practical Path Forward",[12,241,242],{},"Most agencies overcomplicate this. You do not need a 200-page AI strategy document before you can start using AI effectively. Here is a practical approach:",[244,245,246,253,259,265],"ol",{},[247,248,249,252],"li",{},[51,250,251],{},"Start with an inventory."," What AI tools and systems are you already using? Include everything from automated email filters to predictive analytics. You cannot govern what you have not identified.",[247,254,255,258],{},[51,256,257],{},"Categorize by risk."," Not all AI applications carry the same risk. An AI-powered scheduling assistant is different from an AI system making benefits eligibility decisions. Spend your governance energy where the risk is highest.",[247,260,261,264],{},[51,262,263],{},"Build governance incrementally."," Establish a basic AI oversight structure now. Add detail as you learn what your organization actually needs. A lightweight framework that gets followed is better than a comprehensive one that sits on a shelf.",[247,266,267,270],{},[51,268,269],{},"Document as you go."," Every AI deployment should have documentation that explains what the system does, what data it uses, how it was tested, and who is responsible for it. This is not overhead — it is operational necessity.",[25,272,274],{"id":273},"what-this-means-for-contractors","What This Means for Contractors",[12,276,277],{},"If you are a contractor building AI systems for federal agencies, NIST AI RMF compliance is becoming table stakes. Your proposals need to address:",[279,280,281,284,287,290,293],"ul",{},[247,282,283],{},"How you will implement the four framework functions",[247,285,286],{},"Your approach to AI testing and evaluation",[247,288,289],{},"How you handle bias detection and mitigation",[247,291,292],{},"Your process for ongoing monitoring after deployment",[247,294,295],{},"Documentation deliverables for each AI component",[12,297,298],{},"Agencies are increasingly including AI governance requirements in RFPs. The contractors who can deliver on these requirements — not just check boxes, but actually implement effective governance — will win more work.",[25,300,302],{"id":301},"the-bottom-line","The Bottom Line",[12,304,305],{},"AI governance is not a barrier to AI adoption. It is what makes AI adoption sustainable. The agencies that get governance right will be the ones that can actually scale AI across their operations without the political risk of a high-profile failure.",[12,307,308],{},"If you need help implementing AI systems with proper governance baked in, that is what we do. We build AI systems that work in production and meet the compliance requirements your agency needs.",[310,311],"hr",{},[12,313,314],{},[315,316,317,318,322],"em",{},"Korebase LLC provides AI consulting and integration services for federal government and prime contractors. We are model-agnostic and governance-first. ",[147,319,321],{"href":320},"\u002Fcontact","Contact us"," to discuss your AI needs.",{"title":155,"searchDepth":156,"depth":156,"links":324},[325,326,327,328],{"id":196,"depth":156,"text":197},{"id":238,"depth":156,"text":239},{"id":273,"depth":156,"text":274},{"id":301,"depth":156,"text":302},"AI and Government","2026-03-15","A practical guide to implementing the NIST AI Risk Management Framework in federal operations. What it requires, what it does not, and how to get started without overthinking it.",{},"\u002Fblog\u002Fai-governance-federal-agencies-nist-rmf",{"title":183,"description":331},"blog\u002Fai-governance-federal-agencies-nist-rmf",[337,338,339,340],"AI","NIST AI RMF","Federal","Governance","LL4ThF8GOCHSXpJVf3ylxUgaEWEb9SvVKZwJCGyK04o",{"id":343,"title":344,"author":184,"body":345,"category":513,"date":514,"description":515,"extension":167,"meta":516,"navigation":170,"path":517,"seo":518,"stem":519,"tags":520,"__hash__":525},"blog\u002Fblog\u002Fcmmc-level-1-what-contractors-need-to-know.md","CMMC Level 1: What Small Contractors Need to Know Before November 2026",{"type":9,"value":346,"toc":506},[347,350,353,357,360,363,401,404,408,411,431,434,438,464,468,488,490,493,496,498],[188,348,344],{"id":349},"cmmc-level-1-what-small-contractors-need-to-know-before-november-2026",[12,351,352],{},"CMMC Phase 2 assessments are approaching, and small IT contractors cannot afford to ignore this anymore. Here is a straightforward breakdown of what Level 1 requires and how to prepare.",[25,354,356],{"id":355},"what-cmmc-level-1-actually-is","What CMMC Level 1 Actually Is",[12,358,359],{},"CMMC Level 1 covers the basics of cybersecurity hygiene. It is based on 17 practices from NIST SP 800-171 — the ones that should already be in place if you handle any Federal Contract Information (FCI).",[12,361,362],{},"These are not exotic security measures. They include things like:",[279,364,365,371,377,383,389,395],{},[247,366,367,370],{},[51,368,369],{},"Access Control:"," Limit system access to authorized users",[247,372,373,376],{},[51,374,375],{},"Identification and Authentication:"," Verify who is accessing your systems",[247,378,379,382],{},[51,380,381],{},"Media Protection:"," Sanitize media before disposal",[247,384,385,388],{},[51,386,387],{},"Physical Protection:"," Limit physical access to systems",[247,390,391,394],{},[51,392,393],{},"System and Communications Protection:"," Monitor and protect system boundaries",[247,396,397,400],{},[51,398,399],{},"System and Information Integrity:"," Identify and fix system flaws promptly",[12,402,403],{},"If these sound basic, they are. That is the point. Level 1 is about proving you do the fundamentals consistently, not about implementing advanced security operations.",[25,405,407],{"id":406},"what-it-costs","What It Costs",[12,409,410],{},"For a small IT contractor, CMMC Level 1 compliance should not break the bank:",[279,412,413,419,425],{},[247,414,415,418],{},[51,416,417],{},"Self-assessment:"," Level 1 is self-assessed. You do not need to hire a C3PAO (that is Level 2).",[247,420,421,424],{},[51,422,423],{},"Implementation costs:"," If you are already following basic security practices, the gap should be small. Budget for documentation, maybe some policy updates, and potentially some tool upgrades.",[247,426,427,430],{},[51,428,429],{},"Ongoing costs:"," Annual self-assessment and continuous practice maintenance.",[12,432,433],{},"The biggest cost for most small contractors is not technology — it is documentation. You need to prove you are doing what you say you are doing.",[25,435,437],{"id":436},"how-to-prepare","How to Prepare",[244,439,440,446,452,458],{},[247,441,442,445],{},[51,443,444],{},"Run a gap assessment now."," Compare your current practices against the 17 Level 1 requirements. Be honest about what you actually do, not what your policy says you do.",[247,447,448,451],{},[51,449,450],{},"Fix the gaps."," Most small contractors have 2-5 practices that need work. Common gaps: formal access control policies, media sanitization procedures, and documentation of security practices.",[247,453,454,457],{},[51,455,456],{},"Document everything."," For each of the 17 practices, document: what you do, how you do it, who is responsible, and evidence that it is happening. Screenshots, logs, policy documents — whatever proves compliance.",[247,459,460,463],{},[51,461,462],{},"Build it into operations."," CMMC is not a one-time audit. The practices need to be part of how you operate every day. If you implement something just for the assessment and then stop doing it, you are not compliant.",[25,465,467],{"id":466},"common-mistakes","Common Mistakes",[279,469,470,476,482],{},[247,471,472,475],{},[51,473,474],{},"Over-engineering:"," Level 1 does not require enterprise-grade security infrastructure. It requires consistent basic practices. Do not spend money you do not need to spend.",[247,477,478,481],{},[51,479,480],{},"Ignoring documentation:"," The practices without documentation are just habits. And habits are not auditable.",[247,483,484,487],{},[51,485,486],{},"Waiting too long:"," Start now. Even Level 1 takes time to document properly, and the closer you get to the deadline, the more expensive help becomes.",[25,489,302],{"id":301},[12,491,492],{},"CMMC Level 1 is achievable for any small IT contractor willing to take it seriously. The requirements are reasonable, the costs are manageable, and the alternative — being unable to bid on DoD contracts — is not acceptable if federal work is part of your business strategy.",[12,494,495],{},"Start your gap assessment now. Fix what needs fixing. Document everything. And do not let perfect be the enemy of compliant.",[310,497],{},[12,499,500],{},[315,501,502,503,505],{},"Korebase LLC is actively preparing for CMMC compliance. We help prime contractors and agencies understand cybersecurity requirements and implement practical solutions. ",[147,504,321],{"href":320}," to discuss your compliance needs.",{"title":155,"searchDepth":156,"depth":156,"links":507},[508,509,510,511,512],{"id":355,"depth":156,"text":356},{"id":406,"depth":156,"text":407},{"id":436,"depth":156,"text":437},{"id":466,"depth":156,"text":467},{"id":301,"depth":156,"text":302},"CMMC and Cybersecurity","2026-03-01","CMMC Phase 2 is approaching. Here is what small IT contractors need to know about Level 1 compliance, what it costs, and how to prepare without overspending.",{},"\u002Fblog\u002Fcmmc-level-1-what-contractors-need-to-know",{"title":344,"description":515},"blog\u002Fcmmc-level-1-what-contractors-need-to-know",[521,522,523,524],"CMMC","Cybersecurity","Compliance","Small Business","U2gaa0c04PM3zjVUjMR32vYIxlBRdm-xvJvYIiGbQCU",{"id":527,"title":528,"author":184,"body":529,"category":677,"date":678,"description":679,"extension":167,"meta":680,"navigation":170,"path":681,"seo":682,"stem":683,"tags":684,"__hash__":688},"blog\u002Fblog\u002Fwhy-off-the-shelf-software-fails-government.md","Why Off-the-Shelf Software Fails Government Operations",{"type":9,"value":530,"toc":670},[531,534,537,541,544,550,556,562,568,572,575,601,605,608,622,625,629,632,652,654,657,660,662],[188,532,528],{"id":533},"why-off-the-shelf-software-fails-government-operations",[12,535,536],{},"Commercial off-the-shelf (COTS) software is the default recommendation for most government IT projects. And sometimes it is the right call. But too often, agencies force-fit COTS solutions into operations that need something purpose-built — and then spend more money customizing the COTS product than a custom solution would have cost in the first place.",[25,538,540],{"id":539},"the-cots-promise-vs-reality","The COTS Promise vs. Reality",[12,542,543],{},"The pitch is always the same: buy a proven product, implement it quickly, benefit from vendor updates, and avoid the risk of custom development. It sounds logical. Here is what actually happens:",[12,545,546,549],{},[51,547,548],{},"The 80\u002F20 problem."," COTS products cover about 80% of what you need. The remaining 20% — the part that makes your operations different from everyone else's — either cannot be done or requires expensive customization. And that 20% is usually the part that matters most.",[12,551,552,555],{},[51,553,554],{},"Customization costs more than custom."," Once you start customizing a COTS product beyond its intended design, you are fighting the platform. Every update from the vendor risks breaking your customizations. Every new requirement requires a consultant who understands both your business AND the vendor's platform.",[12,557,558,561],{},[51,559,560],{},"Vendor lock-in."," Your data lives in someone else's system, in someone else's format. If you want to switch, migration is painful and expensive. The vendor knows this, and pricing reflects it.",[12,563,564,567],{},[51,565,566],{},"The update treadmill."," Vendor updates are mandatory but disruptive. Each major version requires testing, potential recustomization, and retraining. You are on the vendor's timeline, not yours.",[25,569,571],{"id":570},"when-custom-software-makes-sense","When Custom Software Makes Sense",[12,573,574],{},"Custom software is the right choice when:",[279,576,577,583,589,595],{},[247,578,579,582],{},[51,580,581],{},"Your processes are your competitive advantage."," If the way you do things is what makes you effective, forcing those processes into a generic tool undermines your effectiveness.",[247,584,585,588],{},[51,586,587],{},"Integration requirements are complex."," Custom applications can be designed from the start to connect with your existing systems. COTS products integrate with what the vendor decided to support.",[247,590,591,594],{},[51,592,593],{},"You need full control."," You own the code, you control the roadmap, you decide when and how to update. No vendor decisions affect your operations.",[247,596,597,600],{},[51,598,599],{},"The total cost of ownership favors it."," When you factor in licensing, customization, integration, training, and ongoing vendor fees, custom development often costs less over a 5-year period than a heavily customized COTS product.",[25,602,604],{"id":603},"when-cots-is-fine","When COTS Is Fine",[12,606,607],{},"To be fair, COTS is the right choice for commodity functions:",[279,609,610,613,616,619],{},[247,611,612],{},"Email and office productivity (use Microsoft 365 or Google Workspace)",[247,614,615],{},"Basic project management (use what works for your team)",[247,617,618],{},"Standard HR and payroll functions",[247,620,621],{},"Common accounting operations",[12,623,624],{},"If your needs match what the product does out of the box, buy the product. The moment you start heavily customizing, reconsider.",[25,626,628],{"id":627},"the-decision-framework","The Decision Framework",[12,630,631],{},"Ask three questions:",[244,633,634,640,646],{},[247,635,636,639],{},[51,637,638],{},"Does this process differentiate our operations?"," If yes, custom. If no, COTS.",[247,641,642,645],{},[51,643,644],{},"Will we need to customize more than 20% of the COTS product?"," If yes, custom is likely cheaper long-term.",[247,647,648,651],{},[51,649,650],{},"Do we need tight integration with existing systems?"," If yes, custom gives you more control over integration quality.",[25,653,302],{"id":301},[12,655,656],{},"There is no universal right answer. COTS and custom software each have their place. The mistake is defaulting to COTS because it seems safer. Sometimes the safe choice is the expensive one.",[12,658,659],{},"If you are evaluating whether your operations need custom software or a COTS solution, we can help you make that assessment honestly. We build custom software, but we will tell you if a COTS product is the better fit. We would rather give honest advice than sell unnecessary work.",[310,661],{},[12,663,664],{},[315,665,666,667,669],{},"Korebase LLC builds custom applications for federal government and enterprise operations. We tell you what you actually need — even if the answer is not us. ",[147,668,321],{"href":320}," to discuss your situation.",{"title":155,"searchDepth":156,"depth":156,"links":671},[672,673,674,675,676],{"id":539,"depth":156,"text":540},{"id":570,"depth":156,"text":571},{"id":603,"depth":156,"text":604},{"id":627,"depth":156,"text":628},{"id":301,"depth":156,"text":302},"Software Modernization","2026-02-15","COTS solutions promise everything and deliver compromise. Here is when custom software makes more sense for federal agencies — and when it does not.",{},"\u002Fblog\u002Fwhy-off-the-shelf-software-fails-government",{"title":528,"description":679},"blog\u002Fwhy-off-the-shelf-software-fails-government",[685,686,339,687],"Custom Software","COTS","Modernization","FeuWeKLXu9izAnydYiRUtDizovVIDsbokNxmR4HrPCo",1775831312849]