CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07) – PDF.

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

IPv6 is a network layer protocol that enables data communications over a packet switched network, data transferred in packets between two nodes in a network. This protocol is not new. The first working standard protocol came in 1998; by 2004, most U.S. software manufacturers were working to update their IPv4 architecture, considered the backbone of the modern Internet.

IPv6 was called the “next generation Internet” because of its expanded capabilities and growth potential. It is considered critical for heightened cybersecurity and privacy.

While IPv6 and IPv4 share similar architecture, there are some key differences:

  • IPv6 increases address space from 32-bit under IPv4 to 128-bit address length. This makes it possible to have an almost unlimited number of unique IP addresses.
  • Size matters: IPv6 address size helps deter malicious activities such as IP scanning.
  • IPv6 packets support larger payloads, increasing throughput and transport efficiency.
  • Most important for remote work forces is native support for mobile devices to switch between networks and receive roaming notices at any physical location. Mobile-iPv6 (MIPv6) is a hallmark protocol specified as a firm requirement in designing IPv6.
  • Independent auto-configuration of IPv6 devices is a boon to network administrators. IPv6 devices connected with other IPv6 devices can assign IP addresses and device numbering. An IPv6 router may even determine its own IPv6 address.
  • The IPv6 protocol provides increased authentication and privacy with an end-to-end security framework featuring embedded IPSec security to manage encryption and authentication between hosts.  

More information on IPv6 and federal cybersecurity policies and programs can be found at this GSA website.  


To keep on top of trends in government IT, subscribe to immixGroup’s Government Sales Insider blog now!

For expertise on the CDM program and help getting your products to the federal marketplace faster, contact immixGroup at CDM@immixgroup.com.

About Amanda Mull
Currently a Contract Specialist for immixGroup, Inc. I help public sector sales professionals understand federal contracting vehicles, and respond to IT sales opportunities. Special knowledge of the DHS/CISA CDM Program for the GSA IT Schedule 70 and the U.S. Army ITES-SW2 Contract via the CHESS IT E-Mart. 20+ years as ACO for GSA schedule 84 Security, Access Control and Surveillance System Products & Services Company; 10 + years as a Corporate Compliance Officer.

One Response to CDM IPv6 compliance plans due July 6: Why the technology matters

  1. Todd says:

    I could not agree more, and IPv6 provides easier manageability across MPLS environments especially when connecting from remove distances. An example would be to connect VMware environment across disparate regions using 1 hop as opposed to multiple hops. In addition, I can monitor my environments over secure connections (ESP – Encapsulated Secure Payload and AH – Authenticated Headers). using SNMPv3 or I can pull information directly from the server using Cockpit (Linux) or WMI.

    They were talking about making IPv6 native in the Government space (I think there was a mandate) but I am not sure why it was pushed to the forefront, oh well, hopefully the will get it right this time.

    Todd

Leave a Reply to Todd Cancel reply

%d bloggers like this: