Cybersecurity

New CDM services on the horizon

Smaller agencies will soon be able to tap into cybersecurity services via the Continuous Diagnostics and Mitigation program offered by Homeland Security.

The General Services Administration, which handles procurement for the CDM program, is planning a task order that will give 41 small federal agencies access to the cybersecurity protections via the cloud as a shared service.

DHS and GSA have also begun considering how to implement a fourth CDM phase aimed at protecting data.

Jim Piche, group manager of GSA's Federal Systems Integration and Management (FedSIM) center, said his agency will award task orders for CDM-as-a-service by August.  In late 2015, DHS and GSA issued a request for proposals for CDM as-a-service tools for the federal government's smallest agencies to reduce or eliminate duplication across those smaller entities. Piche spoke at a May 11 CDM event hosted by FCW.

Federal Election Commission Chief Information Security Officer Esteve Mede told FCW at the event that the CDM as-a-service contract would finally give smaller agencies immediate access to the DHS cybersecurity services. He said he has been waiting for over three years for access to CDM services, as priority was given to larger agencies.

Mede said the FEC has been keeping up with its cybersecurity needs, but the as-a-service option will allow more efficient automation of capabilities and ease some budget concerns.

According to Piche, GSA also is close to issuing task orders for new functional areas under CDM phase 2, for user privileges and identity management. Privilege management task orders for will be made "later this year," he said, while credential management awards will be "up for bid any moment now."

As those efforts roll forward, DHS' Jim Quinn said his agency is beginning to explore a fourth phase of CDM, which was spurred by recent breaches of federal networks aimed at stealing data.

While CDM Phase 1 focused on end-point security, Phase 2 on user privileges and behavior, and Phase 3 on address event management, incident response and boundary protection, Quinn, who is the CDM program management office's lead system engineer, said Phase 4 will focus on protecting data that resides on federal networks.

"That's our challenge for 2017," he said. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.