New CDM services on the horizon
- By Mark Rockwell
- May 11, 2016
Smaller agencies will soon be able to tap into cybersecurity services via the Continuous Diagnostics and Mitigation program offered by Homeland Security.
The General Services Administration, which handles procurement for the CDM program, is planning a task order that will give 41 small federal agencies access to the cybersecurity protections via the cloud as a shared service.
DHS and GSA have also begun considering how to implement a fourth CDM phase aimed at protecting data.
Jim Piche, group manager of GSA's Federal Systems Integration and Management (FedSIM) center, said his agency will award task orders for CDM-as-a-service by August. In late 2015, DHS and GSA issued a request for proposals for CDM as-a-service tools for the federal government's smallest agencies to reduce or eliminate duplication across those smaller entities. Piche spoke at a May 11 CDM event hosted by FCW.
Federal Election Commission Chief Information Security Officer Esteve Mede told FCW at the event that the CDM as-a-service contract would finally give smaller agencies immediate access to the DHS cybersecurity services. He said he has been waiting for over three years for access to CDM services, as priority was given to larger agencies.
Mede said the FEC has been keeping up with its cybersecurity needs, but the as-a-service option will allow more efficient automation of capabilities and ease some budget concerns.
According to Piche, GSA also is close to issuing task orders for new functional areas under CDM phase 2, for user privileges and identity management. Privilege management task orders for will be made "later this year," he said, while credential management awards will be "up for bid any moment now."
As those efforts roll forward, DHS' Jim Quinn said his agency is beginning to explore a fourth phase of CDM, which was spurred by recent breaches of federal networks aimed at stealing data.
While CDM Phase 1 focused on end-point security, Phase 2 on user privileges and behavior, and Phase 3 on address event management, incident response and boundary protection, Quinn, who is the CDM program management office's lead system engineer, said Phase 4 will focus on protecting data that resides on federal networks.
"That's our challenge for 2017," he said.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.