Task Order 2 for CDM Approaching

by Tomas O’Keefe, Senior Analyst

Industry has been waiting on more news about the next set of contracts for the Department of Homeland Security’s (DHS) $6B Continuous Diagnostic and Mitigation (CDM) initiative, and we’re finally starting to get some concrete details about what that’s going to entail. DHS, with the aid of the General Service Administration’s (GSA) Federal Systems Integration and Management (FEDSIM) group, is still focusing on phase 1 of the CDM initiative, which is aimed at tackling end point integrity and identifying network vulnerability. There will be additional phases of CDM over the coming years. But we’re now starting to get more details on Task Order 2, which is the next step in the current phase.

However, a bit of recap before we proceed. Back in January of this year, DHS awarded the Task Order 1 to four Continuous Monitoring-as-a-Service (CMaaS) BPA holders for some network and endpoint protection products. In March, DHS and GSA awarded a contract to develop a federal-wide cybersecurity dashboard that departments will submit CDM information to. Ideally, this dashboard will ease the Federal Information Security Management Act (FISMA) reporting requirements on departments, meaning CISOs can spend more of their time protecting networks and less time filling out paperwork.

Task Order 2 is the next step in the first phase of CDM, and according to CDM program managers, the focus is going to be on products and services around planning, management, training, and architecture and engineering. Task Order 2 is going to be acquired in six groupings, the first of which is the DHS-wide buy slated for late July. The second grouping likely will include the Departments of Energy, Transportation, Interior, Agriculture, and Veterans Affairs, along with the Executive Office of the President and the Office of Personnel Management, and will likely be released late August. The groupings can be found in the graphic listed below, and although DHS and GSA haven’t provided guidance on exactly when the solicitations for the next groupings will be released, you’ll likely see the RFPs issued in the first quarter of government fiscal year 2015.

If you’re not on a team with one of the 17 CDM BPA holders, it’s not too late. DHS and GSA are still releasing RFIs looking for new products that will help secure the .gov domain like network oversight & assurance, malware protection, and other cybersecurity technologies. We here at immixGroup have teaming arrangements with all of the CDM BPA holders, and you can learn more by contacting your account manager to see how you can help protect federal networks!