17 win $6B DHS continuous monitoring contract

The General Services Administration and the Homeland Security Department have issued a slew of awards as part of a $6 billion cloud-based cybersecurity offering.

Seventeen companies have won blanket purchase agreements to provide a variety of cyber tools as part of DHS’s Continuous Diagnostics and Mitigation program. GSA describes it as Continuous Monitoring as a Service or CMaaS.

FederalNewsRadio first reported the awards. DHS so far has not commented on the awards and GSA is referring reporter calls to DHS.

GSA has set up a portal for ordering through the CDM program at www.gsa.gov/cdm. The contract has a one-year base and four one-year options.

The winning companies are:

• Booz Allen Hamilton
• CGI Federal
• Computer Sciences Corp.
• DMI
• Dynamics Research Corp.
• General Dynamics
• Hewlett-Packard
• IBM Corp.
• Knowledge Consulting Group
• Kratos
• Lockheed Martin
• ManTech International
• MicroTech
• Northrop Grumman
• Science Applications International Corp.
• SRA International
• Technica

The companies will be competing for task orders under the BPA, which is open to all government agencies.

Agencies will be able to buy sensors and other diagnostic tools that will be used to identify and fix network security problems. The tools also will be used to prioritize and mitigate risks. The BPA will allow agencies to establish continuous monitoring dashboards, according to solicitation documents.

The goal is to combat network threats in real-time by letting agencies enhance current monitoring capabilities and analyze security-related information. The result, according to GSA, is to help agencies make risk-based decisions.

The BPAs also should drive down the costs of buying a wide-range of security products and tools in 15 different functional areas.

The functional areas included hardware, software, configuration management, vulnerability management, management of network access controls, account access, contingencies and incidents and policy and planning.

Other functional areas deal with managing credentials and authentication, trusting people granted access to systems, and managing security-related behavior.

Each of the primes on the contract have teammates draw from some of the better known cybersecurity product companies such as McAfee, ForeScout, Tivoli, ServiceNow, ForeScout, Symantec, IBM, HP, CA and ViewTrust.

Many of the product companies are on multiple teams.

McAfee, for example, is on 11 of the 17 teams.

Ken Karsten, vice president of federal sales for McAfee, said that the contract is a “huge leap forward for the government.”

The contract will let agencies standardize across their enterprise and leverage their buying power to lower costs while getting improved products and services, he said.

With sequestration and budget cuts, finding savings and lowering costs is critical, Karsten said.

The contract will help agencies shift their security posture. “Historically there has been a lot of assessments and validating of systems, but this moves to a much more active protection and the ability to see vulnerabilities in near real-time,” he said.

Agencies will be able to consolidate their monitoring activities, and scale them across their enterprise, he said.

The Defense Department and the intelligence community have been consolidating their infrastructure and network security for several years, and this contract will help the civilian agencies to catch up, Karsten said.

The contract shifts buying from buying products and services to buying solutions, but Karsten said time will tell if agencies buy via a cloud model.