Unlocking Federal Security: The Partnership Forging a Passwordless Future

BOSTON, MA and RESTON, VA – June 08, 2026 – In the relentless race to secure the nation's digital infrastructure, the federal government is attempting one of its most ambitious pivots yet: the complete elimination of the password. Driven by White House directives and the hard realities of modern cyber warfare, this shift away from legacy credentials toward a “Zero Trust” architecture represents a monumental operational challenge. A new strategic partnership between cybersecurity innovator Keytos Security and government IT behemoth Carahsoft Technology Corp. aims to provide a powerful engine to accelerate this transition, offering a streamlined path for public sector agencies to adopt the advanced cryptographic infrastructure required for a passwordless future.

The alliance makes Keytos’ comprehensive suite of passwordless identity and Public Key Infrastructure (PKI) solutions available through Carahsoft’s vast network of government contract vehicles. More than a simple reseller agreement, this partnership provides a crucial conduit, connecting cutting-edge technology directly to the complex, highly regulated government procurement ecosystem at a moment of critical need.

The Mandate-Driven Market

The urgency behind this move cannot be overstated. The digital landscape for federal agencies is defined by Executive Order 14028, “Improving the Nation’s Cybersecurity.” This landmark 2021 directive, and the subsequent Office of Management and Budget (OMB) memorandum M-22-09, set aggressive deadlines for agencies to implement a Zero Trust security model. This model dismantles the outdated idea of a trusted internal network, instead demanding that every user and device be continuously verified, regardless of location.

A cornerstone of this strategy is the mandate for phishing-resistant multi-factor authentication (MFA). Traditional MFA, often relying on one-time codes sent via text, has proven vulnerable to sophisticated social engineering attacks. The government now requires stronger methods, such as certificate-based authentication or FIDO2-compliant security keys, which are immune to phishing. This is where the simple, ubiquitous password becomes the primary liability. It is the weak link that attackers consistently exploit.

Guidance from the National Institute of Standards and Technology (NIST), particularly its Zero Trust Architecture (SP 800-207) and Digital Identity Guidelines (SP 800-63), provides the technical blueprint for this transformation. The challenge for agencies is not just conceptual but deeply practical: how to rip and replace decades of password-based infrastructure with modern, certificate-based systems without disrupting critical operations or incurring prohibitive costs. This is the complex problem that the new partnership is designed to solve.

A New Arsenal for Digital Identity

For years, Public Key Infrastructure (PKI)—the system of digital certificates, keys, and authorities that underpins secure communication—has been the gold standard for high-assurance identity. However, managing a traditional, on-premise PKI has been notoriously complex, expensive, and resource-intensive, placing it out of reach for many organizations. Keytos Security, founded by ex-Microsoft engineers with deep expertise in this domain, was built to demolish this barrier.

“We are pleased to partner with Carahsoft to bring our passwordless authentication solutions to the Public Sector,” said Igal Flegmann, Co-Founder and CEO of Keytos Security. “Government agencies face mounting pressure to eliminate passwords and adopt phishing-resistant Zero Trust architectures in line with Executive Order 14028 and CISA guidance.”

Keytos delivers its solutions as a cloud-native service. Its flagship product, EZCA Cloud PKI, replaces cumbersome on-premise certificate authorities with a fully hosted environment backed by FIPS 140-3 (Level 3) hardware security modules (HSMs). This provides the highest level of security for cryptographic keys without the operational burden. The company’s suite of tools automates the entire certificate lifecycle, from issuance to renewal and revocation.

Solutions like EZCMS enable self-service onboarding for PIV-compliant smart cards and security keys, while EZRADIUS secures network access using certificate-based authentication. For developers and system administrators, EZSSH provides just-in-time, certificate-based access to servers and code repositories, eliminating the dangerous practice of using static SSH keys. This comprehensive, integrated toolset allows an agency to build a true passwordless environment, where identity is proven not by what a user knows, but by the cryptographically secured credentials they possess.

The Engine of Public Sector Adoption

While innovative technology is essential, it is often insufficient to penetrate the intricate world of government procurement. This is where Carahsoft’s role as a “Master Government Aggregator” becomes pivotal. The Reston-based firm is a dominant force in the public sector market, acting as a strategic hub that connects thousands of technology vendors with government buyers.

By making Keytos’ solutions available on major contract vehicles like NASA SEWP V, ITES-SW2, and NASPO ValuePoint, Carahsoft effectively adds the technology to a pre-approved government shopping list. This allows a federal CISO or state IT director to procure these critical security tools in a matter of weeks, rather than the months or years a new, independent procurement process would require. It’s an engine of adoption that greases the wheels of modernization.

“Keytos Security delivers advanced passwordless identity solutions across cloud, on-premise, hybrid and IoT environments,” said Tyler Nelson, the Sales Manager who leads the Keytos Security Team at Carahsoft. “The enterprise-grade platform simplifies passwordless identity, enabling agencies to reduce vulnerabilities while automating complex security operations and identity workflows. Together with our reseller partners, Carahsoft looks forward to working with Keytos Security to bring modern cloud-native PKI and identity management capabilities to the Public Sector.”

This model is particularly effective for delivering the cloud-native, software-as-a-service (SaaS) solutions that agencies now favor. It removes the friction between the fast pace of technological innovation and the methodical, compliance-driven pace of government operations.

From Legacy Systems to a Secure Future

The synergy between Keytos’ technology and Carahsoft’s distribution network represents a significant development in the government's push toward Zero Trust. It addresses the three core challenges facing public sector IT leaders: a clear federal mandate, a need for technically superior solutions, and a viable path for acquisition and implementation. The deep integration with Microsoft Azure, a platform already ubiquitous across government, further lowers the barrier to entry.

This partnership is a microcosm of a larger industrial shift. It reflects the move away from building and managing bespoke, on-premise infrastructure toward consuming specialized, highly automated services from the cloud. For the public sector, this means transitioning security from a capital-intensive, manual operation into an agile, service-oriented discipline. By equipping agencies with the tools and the pathway to move beyond passwords, this collaboration is helping to forge a more secure and resilient foundation for the government's digital future.