Governance Briefing — September 30, 2025
Federal agencies must meet OMB’s FY 2025 milestone of enabling IPv6-only operations for at least 80 percent of IP-enabled assets, pressuring contractors and integrators to prove dual-stack retirement plans and telemetry coverage.
Executive briefing: Office of Management and Budget Memorandum M-21-07 sets September 30, 2025 as the fiscal-year deadline for agencies to operate IPv6-only networks for 80 percent of IP-enabled information systems. Program offices need validated inventories, transition plans, and acquisition clauses ensuring vendor products run natively on IPv6 with no mission degradation.
Key compliance checkpoints
- Inventory attestation. Update authoritative asset inventories to classify IPv4-only, dual-stack, and IPv6-only systems, including shadow IT and operational technology.
- Acquisition controls. Embed IPv6 requirements in new contracts and recompetes, aligning with FAR 52.239-1 and mandating supplier test evidence.
- Telemetry validation. Confirm security tooling, SIEM feeds, and TIC overlays parse IPv6 logs with parity to IPv4 coverage.
Control alignment
- NIST SP 800-119. Revisit IPv6 security considerations to harden access control lists, neighbour discovery protections, and transition tunnelling decommissioning.
- CISA TIC 3.0 overlays. Update zero trust target architecture diagrams to show IPv6 enforcement points and encrypted traffic inspection pathways.
- OMB M-22-09 Zero Trust Strategy. Ensure identity, device, and network pillars account for IPv6 telemetry so progress reporting remains credible.
Implementation priorities
- Execute phased shutdowns of legacy IPv4-only services, starting with development and test environments to validate automation pipelines.
- Stage IPv6 readiness assessments for managed service providers and cloud platforms supporting high-value assets and FISMA systems.
Enablement moves
- Deliver IPv6 operations training for network engineers, SOC analysts, and acquisition staff focused on troubleshooting, addressing plans, and monitoring metrics.
- Publish quarterly dashboards to agency leadership summarising coverage percentages, exception requests, and remediation timelines.
Sources
- OMB Memorandum M-21-07: Completing the Transition to Internet Protocol Version 6 (November 19, 2020)
- Federal CIO Council implementation guidance for OMB M-21-07 (January 2021)
Zeph Tech partners with federal programmes to rationalise IPv4 dependencies, modernise security monitoring, and evidence contractor readiness for the FY 2025 IPv6 adoption target.