New CDM services on the horizon

Smaller agencies will soon be able to tap into cybersecurity services via the Continuous Diagnostics and Mitigation program offered by Homeland Security.

The General Services Administration, which handles procurement for the CDM program, is planning a task order that will give 41 small federal agencies access to the cybersecurity protections via the cloud as a shared service.

DHS and GSA have also begun considering how to implement a fourth CDM phase aimed at protecting data.

Jim Piche, group manager of GSA's Federal Systems Integration and Management (FedSIM) center, said his agency will award task orders for CDM-as-a-service by August.  In late 2015, DHS and GSA issued a request for proposals for CDM as-a-service tools for the federal government's smallest agencies to reduce or eliminate duplication across those smaller entities. Piche spoke at a May 11 CDM event hosted by FCW.

Federal Election Commission Chief Information Security Officer Esteve Mede told FCW at the event that the CDM as-a-service contract would finally give smaller agencies immediate access to the DHS cybersecurity services. He said he has been waiting for over three years for access to CDM services, as priority was given to larger agencies.

Mede said the FEC has been keeping up with its cybersecurity needs, but the as-a-service option will allow more efficient automation of capabilities and ease some budget concerns.

According to Piche, GSA also is close to issuing task orders for new functional areas under CDM phase 2, for user privileges and identity management. Privilege management task orders for will be made "later this year," he said, while credential management awards will be "up for bid any moment now."

As those efforts roll forward, DHS' Jim Quinn said his agency is beginning to explore a fourth phase of CDM, which was spurred by recent breaches of federal networks aimed at stealing data.

While CDM Phase 1 focused on end-point security, Phase 2 on user privileges and behavior, and Phase 3 on address event management, incident response and boundary protection, Quinn, who is the CDM program management office's lead system engineer, said Phase 4 will focus on protecting data that resides on federal networks.

"That's our challenge for 2017," he said. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected