CDM's next phase starts in 30 days

EDITOR's NOTE: This story originally appeared on

The General Services Administration will move the continuous diagnostics and mitigation acquisition vehicle into its second phase within the next month by issuing modifications to the blanket purchase agreement, a GSA official said June 2. The CDM vehicle, which has a $6 billion ceiling, is one of the prime federal tools for defending civilian networks that are under siege daily from hackers.

Whereas Phase I of CDM is giving agencies tools to detect what devices are on their networks, Phase 2 will focus on better identifying who is on those networks. Thus, security products for identity management and network boundary protection will be in the offing from vendors during Phase 2. The third phase, to come at an undetermined date, will delve further into boundary protection and tackle incident response.

“Each of the phases is an add-on to what was previously there,” Jim Piché, group manager at GSA’s Federal Systems Integration and Management Center, said at the Federal IT Acquisition Summit in Washington, D.C. “So the product catalog is continuing to grow.”

Earlier this year, Knowledge Consulting Group won the first award under Phase I, task order 2 of the program. Piché said he expects task orders 2C through 2E, representing about $100 million in contracting awards, to be awarded within the next 90 days.

The CDM vehicle, which is also open to state and local governments, has sought to install a baseline level of cybersecurity across government in an era of rapidly evolving threats. The program will “enable a sea change in governance,” in that agencies will respond to what dashboard sensors are actually telling them rather than the false assurance of security compliance, Homeland Security Department Chief Information Security Officer Jeffrey Eisensmith predicted at the FCW-sponsored summit.

Officials describe Phase I as foundational to cleaning up agencies’ cybersecurity posture. “If [a device] talks to an IP address, we want to know about it,” John Simms, CDM program at DHS, said of the goal of Phase I. Many agency officials are still “hard-pressed to tell you exactly” how many devices are on their networks, he added. 

But while the CDM program is credited with giving federal IT managers a clearer view of network vulnerabilities, it has not all been smooth sailing.

“One of the big pieces of feedback we’ve gotten from contracting officers is that they’re struggling with the volume of products that are available, they’re struggling with the tiered pricing,” Piché said. So GSA is trying to make the BPA catalog available to contracting officers in the form of a searchable database, he said. But as of now, these contract officers have to make to do with a collection of spreadsheets on the program.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.