CDM Notes: EO 14028 deadline is looming. Is your company ready to help?

By Amanda Mull, Contract Specialist

Cybersecurity specialists in the federal government are probably feeling the pinch right about now. By October 9, agencies will need to report on their current software systems as part of Executive Order 14028 on Improving the Nation’s Cybersecurity. If you are a vendor of cybersecurity products, you’d be well advised to make sure your business is appropriately listed – sooner, not later.

Following completion of their EO/OMB reports, agencies are to identify areas at high risk for cyberattacks – such as data theft, ransomware, and disturbances or exploitation of email or other communications. By identifying these vulnerabilities, and whether agencies may be dependent on specific software or system providers, the federal government hopes to gain greater insight into problem areas.

Regardless of agency progress so far, one thing remains clear: Long-term improvements and understanding of evolving digital ecosystems demand close collaboration between agencies and the private industry vendors that provide new platforms, technologies and services in the cyber realm.

The Executive Order reporting effort is supported by the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, which was designed to identify technology to help agencies improve their cyber posture. It was also intended to assist with required Federal Information Security Management Act (FISMA) reporting via the CDM dashboard.

To that end, suppliers of software for managing identity, access, data security, assets and endpoints are encouraged to submit their products for technical review and inclusion on the CDM Approved Products List (APL). Products listed on the CDM APL are approved as fit for purpose to help agencies support their high-priority goals and mission-critical systems.

Reducing the overall federal threat surface and achieving zero-trust environments are goals for all agencies, regardless of mission. Having proven technologies available on the CDM APL for consideration is crucial to agencies making good choices about how to improve their cybersecurity posture.

Here are some important things to keep in mind ahead of the October 9 deadline:

Do agencies need to do anything to improve their software systems next week to reduce their vulnerability? 

Not by the deadline, but certainly over the next fiscal year, any deficiencies will need to be addressed to meet federal cyber/IT security mandates. For vendors, this will translate into sales opportunities.

Will there be scorecarding of agency performance? How will success be measured?

That is unclear at the moment. The CDM Dashboard is closed to the public and intended for federal use only. Anecdotally, it has been widely reported that endpoint data collected and reported to the CDM Dashboard will be used by the OMB to help verify agency cyber and IT budget requests and set or approve budgets. It is clear that the government is using several tools to keep track of agency performance in achieving standards for cybersecurity and achieving zero-trust environments.

How can the vendor community help agencies improve their compliance? 

The clear route is for agencies to be able to match their cyber/IT needs to suppliers with CDM-approved products. immixGroup also has deep relationships with primes for the Dynamic and Evolving Federal Enterprise Network Defense program (CDM DEFEND). Because of those relationships, immixGroup may be able to assist by coordinating introductions and integrating vendors into market intelligence efforts focused on this initiative.

Interested in keeping up with the latest in government IT trends? Subscribe to immixGroup’s Government Sales Insider blog now!

Let immixGroup help you understand the ins and outs of the shifting federal CDM landscape. For specific information, email CDM@immixGroup.com.

Check out the immixGroup CDM webpage for more details on how we can help you.

About Amanda Mull
Currently a Contract Specialist for immixGroup, Inc. I help public sector sales professionals understand federal contracting vehicles, and respond to IT sales opportunities. Special knowledge of the DHS/CISA CDM Program for the GSA IT Schedule 70 and the U.S. Army ITES-SW2 Contract via the CHESS IT E-Mart. 20+ years as ACO for GSA schedule 84 Security, Access Control and Surveillance System Products & Services Company; 10+ years as a Corporate Compliance Officer.
