The Cybersecurity Executive Order: What’s Coming and Where Are the Opportunities?

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish a Memorandum of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.

CDM Updates to Product Listing Requirements

By Amanda Mull, contract specialist

The federal Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users and CDM technical requirements. Manufacturers are encouraged to update, refresh and add new and innovative tools to the CDM Approved Products List (APL).

To maintain currency with federal requirements and the constant evolution of the cyber/IT landscape, the CDM APL product submission requirements have been revised several times in FY2021.

The most recent updates reflect heightened security policies and protocols required for a more mobile workforce. Others support the full realization of the federal CDM Dashboard expected by year-end. The CDM Dashboard is intended to gauge agency cybersecurity posture. It also monitors the achievement of directives meant to raise the overall level of security and privacy in cyber/IT tools and technology across the federal government.

There have been several recent updates to CDM Common Requirements for Approved Product Listings (APL):

CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07).

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

CDM: More relevant than ever

By Amanda Mull, contract specialist

With the recent incidents involving ransomware and other serious data breaches, security remains a top priority in federal IT.

It’s been some time since we published our last blog on CDM, so to keep our channel partners and suppliers up to date on recent changes, in the coming weeks we will be publishing a series of CDM-related blogs.

In this, our first blog, we provide some basic information and discuss a recent leadership change. Future blogs will cover the federal CDM Dashboard, IPv6 compliance, updates to common requirements and the future of the CDM SIN.

Here are some of the basics about the program:

Continuous Diagnostics and Mitigation Program 

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.

Vendor Innovations in Cybersecurity: From Browsers to IoT to Mobile

By Tim Larkins, Senior Director, Market Intelligence and Corporate Development

Threats to network security have evolved and vulnerable attack vectors have expanded – from browsers to mobile devices to the increasingly interconnected appliances that are part of the Internet of Things (IoT). Vendors of cybersecurity solutions are now branching out beyond their initial niches to embrace wider aspects of security.

In immixGroup’s recent panel discussion during Cyber Ops Demo Day held earlier this month, six of industry’s most prominent vendors each described what they were doing to help prevent security breaches in this era of multiple security attack vectors.

Marlin McFate, federal CTO, Riverbed Technology, said his company has broadened its reach beyond network monitoring, application monitoring and user monitoring to security issues ranging from insider threat to exfiltration. Riverbed’s acquisition of FlowTraq has integrated that capability into its visibility solution. The technology allows for security problems to be analyzed from a behavioral perspective, to identify devices that are no longer acting like normal appliances or system users that are not actually part of the organization.

Huge Opportunity Opens Up for Small Business on CDM

By Gina Brown, contracts specialist

The Continuous Diagnostic and Mitigation (CDM) program has gone through a lot of changes since it was first launched in 2013. And, each step of the way seems to make the program easier for companies to participate.

The program’s latest change allows companies to include Small Business to be part of CDM and play a bigger role in the program. As the program moves into its next phases, this could be a huge opportunity for companies that have not historically been able to participate.

What’s changed?

Tracking government “openness” changes in contracting

By Jenni Taylor, manager, government programs and contracts

Federal contracting officers are moving towards more openness in procurement, which is a step forward in the cumbersome federal procurement process, according to Michael Fischetti, executive director of the National Contract Management Association.

Fischetti’s remarks came during a panel discussion at our recent Government IT Sales Summit, titled “Without a Contract, There Is No Deal: Updates on Contracts and Procurement.”

Contracting problems occur in government because contract professionals “are at the end of a long chain” of requirements definitions, budget analysis, time, coordination and approvals that Fischetti says often have nothing to do with requirements themselves. Despite that long process, Fischetti added that federal procurement generally works free of political intervention.

A peek inside the government’s cyber strategy

By Nick Mirabile, director of cybersecurity

It seems like every month there’s a new high-profile cyberattack wreaking havoc on our networks. Which is why we recently gathered three federal IT leaders to talk about cybersecurity and how they’re safeguarding their agencies in an era of emerging threats.

This panel discussion last month was fascinating, with success stories on what they’re doing to protect networks, as well as the biggest challenges for how to stay ahead of the threats. I picked up on a few themes important for companies selling cybersecurity solutions to agencies:

What You Need to Know About CDM’s Latest Update

By Jenni Taylor, Contracts Programs Manager

immixGroup’s headquarters was a flurry of activity recently when we brought in tech companies to meet with contractors on the Department of Homeland Security’s Continuous Diagnostic and Mitigation program. It was our 4th CDM Speed Networking event, in support of CDM team leads, prime contractors and CDM providers and customers—something we organize every time the program is about to cross into a new phase.

We’ve had some updates since the event, with the most recent being a Request for Information (RFI) released this month that asks for industry input on Phase III capabilities and technologies. The RFI specifically wants to hear about secure orchestration, emerging data standards, and analytics tools to support timely detection and response to cyber events.

Is the Workforce Ready and Able to Fight Cyber Threats?

By Lloyd McCoy Jr., DOD Manager

The federal government’s cyber workforce will be the biggest determining factor in how well government agencies tackle the rising cyber threat. That was the prevailing theme at the Federal Cybersecurity Update 2016 held at the International Spy Museum earlier this week. The event was organized by immixGroup, FedInsider, and George Washington University Center for Excellence in Public Leadership.

Leading representatives from the federal government and academia emphasized the importance of an effective cyber workforce. They also pointed out that the general workforce should be considered cyber defenders since they have a huge responsibility in mitigating vulnerabilities by using proper cyber hygiene. Many of the panelists admitted they frequently spear phish their employees to boost awareness and enforce commonsense practices.
