New CDM services on the horizon

Smaller agencies will soon be able to tap into cybersecurity services via the Continuous Diagnostics and Mitigation program offered by Homeland Security.

The General Services Administration, which handles procurement for the CDM program, is planning a task order that will give 41 small federal agencies access to the cybersecurity protections via the cloud as a shared service.

DHS and GSA have also begun considering how to implement a fourth CDM phase aimed at protecting data.

Jim Piche, group manager of GSA's Federal Systems Integration and Management (FedSIM) center, said his agency will award task orders for CDM-as-a-service by August.  In late 2015, DHS and GSA issued a request for proposals for CDM as-a-service tools for the federal government's smallest agencies to reduce or eliminate duplication across those smaller entities. Piche spoke at a May 11 CDM event hosted by FCW.

Federal Election Commission Chief Information Security Officer Esteve Mede told FCW at the event that the CDM as-a-service contract would finally give smaller agencies immediate access to the DHS cybersecurity services. He said he has been waiting for over three years for access to CDM services, as priority was given to larger agencies.

Mede said the FEC has been keeping up with its cybersecurity needs, but the as-a-service option will allow more efficient automation of capabilities and ease some budget concerns.

According to Piche, GSA also is close to issuing task orders for new functional areas under CDM phase 2, for user privileges and identity management. Privilege management task orders for will be made "later this year," he said, while credential management awards will be "up for bid any moment now."

As those efforts roll forward, DHS' Jim Quinn said his agency is beginning to explore a fourth phase of CDM, which was spurred by recent breaches of federal networks aimed at stealing data.

While CDM Phase 1 focused on end-point security, Phase 2 on user privileges and behavior, and Phase 3 on address event management, incident response and boundary protection, Quinn, who is the CDM program management office's lead system engineer, said Phase 4 will focus on protecting data that resides on federal networks.

"That's our challenge for 2017," he said. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.