Federal Government To Revamp The Continuous Diagnostics And Mitigation Program

King & Spalding

The Federal Government is reportedly upgrading its Continuous Diagnostics and Mitigation (“CDM”) program, administered by the Department of Homeland Security (“DHS”) and the General Services Administration. The redesigned program is called CDM DEFEND (Dynamic and Evolving Federal Enterprise Network Defense). CDM functions as a federal acquisition tool for cybersecurity solutions.

The CDM program “provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.” CDM includes “a multi-award, Schedule 70 Blanket Purchase Agreement (“BPA”).” The BPAs “provide[] government programs with specialized information technology (“IT”) tools to defend Federal IT networks from cyber-security threats by providing Continuous Monitoring as a Services (“CMaaS”) to strengthen the security posture of their Government networks.”

The current CDM BPAs will expire in August 2018, and CDM DEFEND is an effort to replace them. Kevin Cox, CDM program manager at DHS, has reportedly indicated that “the new CDM model will be less about buying specific services and technologies and more about creating a strong cybersecurity posture that can evolve over time.” According to Jim Piche, homeland security director for the Federal Systems Integration and Management Center (“FEDSIM”), FEDSIM is “‘not looking for a specific technology; we’re not looking for a specific cyber solution. . . . We’re going to take the acquisition cycles out of it so that we can identify, acquire and deploy those cybersecurity tools at the speed they need to be deployed rather than getting into another procurement cycle.’” In the new iteration, “[Chief Information Officer] offices will issue a task order with a system integrator that will help the agency develop cybersecurity goals and discover the right technical solutions to achieve those goals.” The new system thus “‘is not a BPA, it’s not an [indefinite delivery/indefinite quantity]. . . . It is a single-award task order to an integrator that is incrementally funded as a cost-type task order.’”

Piche stressed that CDM’s focus on industry and its cooperation with over 100 companies will not change under the new system. Rather, “[u]sing this more flexible model will allow agencies to ‘redefine what is better cybersecurity in 2019 and 2020.’”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
