The General Services Administration is giving industry a first glimpse at its blueprint for conducting a new cybersecurity product and service acquisition on behalf of the Homeland Security Department’s main cyber agency.

As a sources sought notice posted Thursday lays out, GSA and DHS’ Cybersecurity and Infrastructure Agency are looking to build upon and consolidate work currently being performed under the CDM DEFEND family of contracts.

CDM Defend refers to the current iteration of DHS' Continuous Diagnostics and Mitigation program, which focuses on securing civilian agency networks in the “.gov” domain. Each contract under CDM Defend is slated to expire on April 30, 2027 following several extensions issued in April.

GSA and CISA currently have a simple name for the planned new contract -- CISA Indefinite Delivery Indefinite Quantity Contract. They are structuring it as a multiple-award vehicle to cover a broad scope of requirements across the cybersecurity, IT and communications technology domains.

Both agencies currently estimate the new contract will have a ceiling in the range of $18 billion-to-$20 billion over up to 10 years, inclusive of a five-year base period and a single five-year option.

Work under CDM Defend is currently divided up into five groups of agencies with four prime systems integrators involved: CACI International, Booz Allen Hamilton, CGI Federal and ManTech. Booz Allen holds the contracts for two groups.

Responses to the request for information are due March 7.