NRC seeks CDM contract extension, cites lack of 'vision' by DHS

network monitoring (nmedia/ 

The Nuclear Regulatory Commission is justifying an extension for an integration contract related to a key federal cybersecurity program by claiming the Department of Homeland Security failed to articulate "a complete architectural vision" at the outset of the program.

In a sole source justification posted to FedBizOpps June 14, the NRC seeks to add an additional year and $389,273 to a contract with Enterprise Services to continue implementing the Continuous Diagnostics and Mitigation program that scans federal networks for unauthorized users and threats.

The document provides insight into the challenges faced in the early stages of implementation, when some agencies complained they had little or no input over the vendors selected to work on their systems.

According to the document, the NRC contract missed several deadlines "due to limitations of the lab environment provided by the contractor." That led to inadequate testing of CDM system configurations and required additional troubleshooting.

However, NRC is not looking to switch contractors, stating that Enterprise Services has already implemented a unique dataflow that would be incompatible with another vendor.

"Without the support of the contractor as the CDM integrator provider, the NRC would suffer unacceptable delays in meeting the requirements to operate and maintain the CDM solution," the memo states.

Instead, NRC appears to place the blame at the feet of DHS, which manages the program and structured the initial contracting vehicle for implementation.

"As a new development effort, the CDM project lacked a complete architectural vision or concept of operations from U.S. Department of Homeland Security," the justification states. "For that reason, the CDM project is behind the schedule originally reflected in [the contract]."

For their part, DHS officials have acknowledged that the initial structure of the CDM task order awards, while necessary, contributed to some of the program's early stumbles. Program managers subsequently altered their approaches for a second round of contracts -- dubbed CDM DEFEND-- which were designed to offer more flexibility and allow agencies to select more tailored vendor partners.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.