CYBER

CDM's next phase starts in 30 days

EDITOR's NOTE: This story originally appeared on FCW.com

The General Services Administration will move the continuous diagnostics and mitigation acquisition vehicle into its second phase within the next month by issuing modifications to the blanket purchase agreement, a GSA official said June 2. The CDM vehicle, which has a $6 billion ceiling, is one of the prime federal tools for defending civilian networks that are under siege daily from hackers.

Whereas Phase I of CDM is giving agencies tools to detect what devices are on their networks, Phase 2 will focus on better identifying who is on those networks. Thus, security products for identity management and network boundary protection will be in the offing from vendors during Phase 2. The third phase, to come at an undetermined date, will delve further into boundary protection and tackle incident response.

“Each of the phases is an add-on to what was previously there,” Jim Piché, group manager at GSA’s Federal Systems Integration and Management Center, said at the Federal IT Acquisition Summit in Washington, D.C. “So the product catalog is continuing to grow.”

Earlier this year, Knowledge Consulting Group won the first award under Phase I, task order 2 of the program. Piché said he expects task orders 2C through 2E, representing about $100 million in contracting awards, to be awarded within the next 90 days.

The CDM vehicle, which is also open to state and local governments, has sought to install a baseline level of cybersecurity across government in an era of rapidly evolving threats. The program will “enable a sea change in governance,” in that agencies will respond to what dashboard sensors are actually telling them rather than the false assurance of security compliance, Homeland Security Department Chief Information Security Officer Jeffrey Eisensmith predicted at the FCW-sponsored summit.

Officials describe Phase I as foundational to cleaning up agencies’ cybersecurity posture. “If [a device] talks to an IP address, we want to know about it,” John Simms, CDM program at DHS, said of the goal of Phase I. Many agency officials are still “hard-pressed to tell you exactly” how many devices are on their networks, he added. 

But while the CDM program is credited with giving federal IT managers a clearer view of network vulnerabilities, it has not all been smooth sailing.

“One of the big pieces of feedback we’ve gotten from contracting officers is that they’re struggling with the volume of products that are available, they’re struggling with the tiered pricing,” Piché said. So GSA is trying to make the BPA catalog available to contracting officers in the form of a searchable database, he said. But as of now, these contract officers have to make to do with a collection of spreadsheets on the program.

About the Author

Sean Lyngaas is a former FCW staff writer.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • POWER TRAINING: How to engage your customers

    Don't miss our July 12 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More

  • PROJECT 38 PODCAST

    In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.