CDM Updates to Product Listing Requirements

By Amanda Mull, Contract Specialist

The federal Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users and CDM technical requirements. Manufacturers are encouraged to update, refresh and add new and innovative tools to the CDM Approved Products List (APL).

To maintain currency with federal requirements and the constant evolution of the cyber/IT landscape, the CDM APL product submission requirements have been revised several times in FY2021.

The most recent updates reflect heightened security policies and protocols required for a more mobile workforce. Others support the full realization of the federal CDM Dashboard expected by year-end. The CDM Dashboard is intended to gauge agency cybersecurity posture. It also monitors the achievement of directives meant to raise the overall level of security and privacy in cyber/IT tools and technology across the federal government.

There have been several recent updates to CDM Common Requirements for Approved Product Listings (APL):


CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07).

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   


Top 3 HHS IT programs planning procurements in FY22

By Jessica Parks, market intelligence analyst

In a previous blog post, I went over the top three IT programs at the Department of Justice planning acquisitions. Now that the new administration has released the official FY22 budget, I would like to explore similar opportunities at another large agency, the Department of Health and Human Services. (As I’ve mentioned previously, this information is all publicly available in the Exhibit 53.)

Read on for a brief description of these programs and how you can position yourself accordingly.

1) CMS Federally Facilitated Exchange

Based within the Centers for Medicare and Medicaid Services, the FFE is the platform that supports the health insurance marketplace. This is the single largest IT investment at HHS and has been a crucial system for the agency for many years. Total IT funding for FY22 is expected to be more than $417M, with $176M being DME funding (i.e., new money to spend on program upgrades and additions).

The main objectives for this investment are to stay innovative and ensure minimal downtime. Automated customer service solutions as well as solutions that ensure secure information sharing could play a role here. Talk to the folks in the Center for Consumer Information and Insurance Oversight for more detail.


CDM: More relevant than ever

By Amanda Mull, contract specialist

With the recent incidents involving ransomware and other serious data breaches, security remains a top priority in federal IT.

It’s been some time since we published our last blog on CDM, so to keep our channel partners and suppliers up to date on recent changes, in the coming weeks we will be publishing a series of CDM-related blogs.

In this, our first blog, we provide some basic information and discuss a recent leadership change. Future blogs will cover the federal CDM Dashboard, IPv6 compliance, updates to common requirements and the future of the CDM SIN.

Here are some of the basics about the program:

Continuous Diagnostics and Mitigation Program 

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.


SLED 101 Series – Technology Solves Problems

By Rachel Eckert, SLED market intelligence manager

In our last installment we walked through the IT budget process to help you focus your sales efforts more strategically and develop more targeted account lists.

This, our fourth installment, will dive into what technologies states and localities will be buying with their IT budgets and how vitally important the role of the citizen is in driving adoption.

Despite some uncertainty in IT spending, state, local and education organizations are still looking for technology solutions. The ongoing pandemic caused major shifts, not only to working environments, but in how SLED organizations provided citizen services. With an inability to provide in-person services, SLED organizations needed to rapidly deploy digital and online services, forcing many states to re-evaluate their IT suites.

Cybersecurity is a constant

Even during a time of rapid changes, there is still one constant when it comes to states, counties and cities — cybersecurity. With the rise in ransomware attacks over the last several years, several states have made the shift to a “whole-of-state” approach, which I wrote about in a recent blog. This means the state and all of the jurisdictions in the state work together to develop a plan for a coordinated response during an incident.


How the federal government is working to secure our energy infrastructure

By Jessica Parks, market intelligence analyst

In a previous blog post, immixGroup Supplier Manager Derek Giarratana elaborated on the constant threat of ransomware and how the public sector can address it. Ransomware is one of the significant threats facing American energy infrastructure, as the Colonial pipeline incident has shown.

Federal agencies such as the Department of Energy are spearheading efforts to tackle not just ransomware, but other cyber threats that can jeopardize the safe functioning of energy delivery systems.

Here are three of DOE’s top priorities for securing energy infrastructure:

(1) Monitoring and analytics

Monitoring the grid (the entire network of generators involved in delivering power) and making sense of the data they produce is crucial. Many of the national labs under DOE are working to improve current processes. Labs such as Lawrence Livermore National Lab, the National Energy Technology Laboratory and Oak Ridge National Lab have been particularly active in developing solutions to automate grid monitoring, applying predictive analytics to anticipate future cyber events and modeling complex grid infrastructures.


The importance of data monitoring and Zero Trust in battling ransomware

By Derek Giarratana, supplier manager

Ransomware is real and security threats continue to evolve, with new ones emerging daily. At times, organizations can feel that they won’t fall victim to ransomware, but now is not the time to ignore the facts. In 2019, it was reported that ransomware attacks were up by 41 percent, and in 2020 with the pandemic at the forefront, it was predicted that an attack occurred every 11 seconds.

In addition to the sheer volume of attacks, today’s ransomware and malware are also gaining in sophistication. Using random extensions and file names, the latest threats are making detection using blocked list solutions difficult and, in many cases, completely ineffective.

Every time an attack occurs, it takes significant time and money to remediate. Recovery time takes, on average, at least 16 days, and 67% of organizations that have been hit by an attack have lost all or part of their data. This is particularly problematic for public sector organizations that are faced with strict compliance requirements such as HIPAA, GDPR, CIPA, and CJIS.


Hidden data opportunities in the Air Force FY22 budget

By Lloyd McCoy, senior market intelligence manager

There are IT opportunities with the Air Force in FY22 that are not apparent at first glance. If your organization handles data hosting, analysis and security, you need to look deeper.

FY22 funding will likely see roughly flat to 2% growth for the Air Force’s budget. As with FY21, which had a total budget of about $8B for IT, the largest concentration of IT dollars next year will go to support command and control and logistics.

Remember, however, that these numbers do not represent the total addressable market for IT. That’s especially true within the R&D portion of the Air Force budget, which emphasizes AI, machine learning systems and unmanned systems, as well as establishing a defendable space posture. There are IT dollars to be spent in those areas even if they may not be counted within a specific IT program.

Let’s look at two of these hidden opportunities.

(1) Leveraging data as a strategic asset

The Air Force wants to evolve the role played by data in everything they do – particularly in the area of predictive analytics. The service wants to find ways to use AI and machine learning for things like maintenance, creating savings to be reallocated elsewhere. Predictive analytics also can be applied to military maneuvers, intelligence, surveillance and reconnaissance systems.


SLED 101 Series – Understanding the IT Budget

By Rachel Eckert, SLED Market Intelligence Manager

In our last installment we walked through the budget process to help you target your customers at the right time. In this, our third installment of our SLED 101 series, we focus on IT budget distribution, state-by-state spending and the importance of engaging with the right stakeholders. This information can help you focus your sales efforts more strategically and develop more targeted account lists.

Let’s start by looking at the pie chart below with a breakdown of IT spending by jurisdiction type or level of SLED government.

IT budget distribution

For 2021, IT spending in SLED will be just north of $100B. Spending proportions and ranges will vary for each state and/or local government; however, almost 40% of that spending will be done by state governments. Higher Ed, Special Districts, K-12 School Districts and Cities all sit around 12–15% each.

To give a bit more context to the SLED spending estimate, let’s look at a heatmap of estimated IT spending by state. You can use this heatmap in conjunction with the pie chart to segment your territory even further.

State-by-state spending

States like California, Texas, Florida and New York all have large IT budgets, making them prime targets for opportunity development. That doesn’t mean that states like Montana or North Dakota with smaller IT budgets do not have any IT opportunities, but that those IT opportunities will likely be smaller in scope.


Top 3 Cloud Security Priorities in the Federal Government

By Jessica Parks, Market Intelligence Analyst

The last year of teleworking has caused an uptick in hybrid and multi-cloud environments, due to the flexibility, scalability and cost efficiencies that these environments offer dispersed teams. As federal agencies look to their futures within these increasingly complex environments, you can bet security is top of mind. When talking with your customers about how you can help provide peace of mind, keep in mind they are likely prioritizing one (or all!) of the following:

1) Baking security into products during the development process

As more federal software development teams embrace DevOps and DevSecOps, they recognize that developing applications on cloud platforms can further shorten timelines for spinning up new solutions. With this recognition comes an increased focus on baking security into these solutions during the development process.
