NRC seeks CDM contract extension, cites lack of 'vision' by DHS

network monitoring (nmedia/ 

The Nuclear Regulatory Commission is justifying an extension for an integration contract related to a key federal cybersecurity program by claiming the Department of Homeland Security failed to articulate "a complete architectural vision" at the outset of the program.

In a sole source justification posted to FedBizOpps June 14, the NRC seeks to add an additional year and $389,273 to a contract with Enterprise Services to continue implementing the Continuous Diagnostics and Mitigation program that scans federal networks for unauthorized users and threats.

The document provides insight into the challenges faced in the early stages of implementation, when some agencies complained they had little or no input over the vendors selected to work on their systems.

According to the document, the NRC contract missed several deadlines "due to limitations of the lab environment provided by the contractor." That led to inadequate testing of CDM system configurations and required additional troubleshooting.

However, NRC is not looking to switch contractors, stating that Enterprise Services has already implemented a unique dataflow that would be incompatible with another vendor.

"Without the support of the contractor as the CDM integrator provider, the NRC would suffer unacceptable delays in meeting the requirements to operate and maintain the CDM solution," the memo states.

Instead, NRC appears to place the blame at the feet of DHS, which manages the program and structured the initial contracting vehicle for implementation.

"As a new development effort, the CDM project lacked a complete architectural vision or concept of operations from U.S. Department of Homeland Security," the justification states. "For that reason, the CDM project is behind the schedule originally reflected in [the contract]."

For their part, DHS officials have acknowledged that the initial structure of the CDM task order awards, while necessary, contributed to some of the program's early stumbles. Program managers subsequently altered their approaches for a second round of contracts -- dubbed CDM DEFEND-- which were designed to offer more flexibility and allow agencies to select more tailored vendor partners.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected