$135M in CDM Contracts Awarded, Bringing Effort to 97 Percent of Civilian Agencies

The U.S. government's effort to provide a common baseline of cybersecurity tools across civilian agencies now is available to 97 percent of the departments—a milestone hit after the Department of Homeland Security (DHS), through the General Services Administration, awarded three orders under the Continuous Diagnostics and Mitigation (CDM) program. The orders now bring the number of federal agencies using the tools and services to shore up cyber vulnerabilities to 17. 

The orders were awarded to Booz Allen Hamilton for $82 million, Northrop Grumman for $32 million and Hewlett Packard Enterprise Services for $21 million.

“These awards constitute another major step forward in providing the entire federal civilian government with the ability to identify, prioritize and fix the most significant problems on their networks in near-real time,” DHS Secretary Jeh Johnson says in a statement. “With the continued implementation of CDM, agencies will be able to monitor networks internally for vulnerabilities that could be exploited by bad actors that have breached the perimeter.”

The congressionally established program gives participating agencies and departments access to commercial off-the-shelf tools, software and programs to combat cybersecurity risks. The overarching CDM effort is intended to help agencies get a firm hold on the inventoried assets and assess identity management, and aligns with the mindset of existing governmental programs that call for uniformity. The effort is not just about applying technology to address and fix a governmental problem, but also tests an evolving vision of federal leaders to revamp the burdensome acquisition process and find cost-effective yet valuable products.

While each federal department or agency is responsible for its own cybersecurity, the DHS-led program provides baselines and access to uniform solutions, especially since most cybersecurity incidents are caused by common, recognizable and fixable issues such as vulnerabilities or improper configurations in computers or software, the release states. By providing a means for continuous monitoring, agencies can fix vulnerabilities before damaging incidents occur. Solutions via the CDM give individual agencies tools to continuously scan for cybersecurity risks and dashboards to see specific risks and identify key trends. It lets the DHS view and analyze government-wide risk data at a summary level.

The three awards are the third, fourth and fifth of a planned total of six awards under the Continuous Monitoring as a Service Blanket Purchase Agreement providing continuous diagnostic tools and integration services to federal civilian agencies and state, local, tribal and territorial government partners.