The Future of the GSA CDM SIN: What it means to you

By Gina Brown, Federal Contracts Manager

In August 2018, the CDM program underwent a procurement transition that vendors should keep in mind. Combined with a proposed elimination of the GSA CDM special item number (SIN), the changes could streamline certain aspects of the way in which products are catalogued.

Initially, blanket purchase agreements (BPAs) were awarded to 17 primes. This then switched to a two-pronged acquisition strategy, in which four GSA Alliant prime contractors were awarded six Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) task orders.

These prime system integrators would purchase cybersecurity tools according to the DHS approved product list (APL), to strengthen the security posture of civilian agency customers.

Read more of this post

CDM: Cloud Hardening and Zero Trust Environments

By Amanda Mull, Contract Specialist

Critical cybersecurity goals for most federal agencies are focused on Zero Trust for a more mobile workforce, cloud-based products, and active threat detection plus dynamic response. Purchase of tools alone, however, cannot provide successful operational cybersecurity. Ongoing budgeting must address a holistic approach, including flexible policies and procedures, to adjust to new threats and changing work landscapes – along with a critical investment in cyber workforce training.

It is becoming more important for federal agencies to partner with companies that can help achieve their foundational cybersecurity goals. Partners and agencies alike must be committed to constant review and adjustment to systems and operations, to ensure that they maintain the highest levels of cybersecurity.

CDM program funds directly support agencies striving to harden their cloud cybersecurity against threats. The program becomes even more important as new threats emerge and agencies are forced to scramble to protect themselves and the public trust. 

Read more of this post

The Cybersecurity Executive Order: What’s coming and where are the opportunities?

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the effect on contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish a Memoranda of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.

Read more of this post

CDM Updates to Product Listing Requirements

By Amanda Mull, Contract Specialist

The federal Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users and CDM technical requirements. Manufacturers are encouraged to update, refresh and add new and innovative tools to the CDM Approved Products List (APL).

To maintain currency with federal and requirement and the constant evolution of the cyber/IT landscape, the CDM APL product submission requirements have been revised several times in FY2021.

The most recent updates reflect heightened security policies and protocols required for a more mobile workforce. Others support the full realization of the federal CDM Dashboard expected by year-end. The CDM Dashboard is intended to gauge agency cybersecurity posture. It also monitors the achievement of directives meant to raise the overall level of security and privacy in cyber/IT tools and technology across the federal government.

There have been several recent updates to CDM Common Requirements for Approved Product Listings (APL):

Read more of this post

CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07) – PDF.

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

Read more of this post

CDM: More relevant than ever

By Amanda Mull, contract specialist

With the recent incidents involving ransomware and other serious data breaches, security remains a top priority in federal IT.

It’s been some time since we published our last blog on CDM, so to keep our channel partners and suppliers up to date on recent changes, in the coming weeks we will be publishing a series of CDM-related blogs.

In this, our first blog, we provide some basic information and discuss a recent leadership change. Future blogs will cover the federal CDM Dashboard, IPv6 compliance, updates to common requirements and the future of the CDM SIN.

Here are some of the basics about the program:

Continuous Diagnostics and Mitigation Program 

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.

Read more of this post

Vendor Innovations in Cybersecurity: From Browsers to IoT to Mobile

By Tim Larkins, Senior Director, Market Intelligence and Corporate Development

Threats to network security have evolved and vulnerable attack vectors have expanded – from browsers to mobile devices to the increasingly interconnected appliances that are part of the Internet of Things (IoT). Vendors of cybersecurity solutions are now branching out beyond their initial niches to embrace wider aspects of security.

In immixGroup’s recent panel discussion during Cyber Ops Demo Day held earlier this month, six of industry’s most prominent vendors each described what they were doing to help prevent security breaches in this era of multiple security attack vectors.

Marlin McFate, federal CTO, Riverbed Technology, said his company has broadened its reach beyond network monitoring, application monitoring and user monitoring to security issues ranging from insider threat to exfiltration. Riverbed’s acquisition of FlowTraq has integrated that capability into its visibility solution. The technology allows for security problems to be analyzed from a behavioral perspective, to identify devices that are no longer acting like normal appliances or system users that are not actually part of the organization.

Read more of this post

Huge Opportunity Opens Up for Small Business on CDM

American flag on a wooden texture table

By Gina Brown, contracts specialist

The Continuous Diagnostic and Mitigation (CDM) program has gone through a lot of changes since it was first launched in 2013. And, each step of the way seems to make the program easier for companies to participate.

The program’s latest change allows companies to include Small Business to be part of CDM and play a bigger role in the program. As the program moves into its next phases, this could be a huge opportunity for companies that have not historically been able to participate.

What’s changed?

Read more of this post

Tracking government “openness” changes in contracting

By Jenni Taylor, manager, government programs and contracts

Federal contracting officers are moving towards more openness in procurement, which is a step forward in the cumbersome federal procurement process, according to Michael Fischetti, executive director of the National Contract Management Association.

Fischetti’s remarks came during a panel discussion at our recent Government IT Sales Summit, titled “Without a Contract, There Is No Deal: Updates on Contracts and Procurement.”

Contracting problems occur in government because contract professionals “are at the end of a long chain” of requirements definitions, budget analysis, time, coordination and approvals that Fischetti says often have nothing to do with requirements themselves. Despite that long process, Fischetti added that the federal procurement generally works free of political intervention.

Read more of this post

A peek inside the government’s cyber strategy

By Nick Mirabile, director of cybersecurity

It seems like every month there’s a new high-profile cyberattack wreaking havoc on our networks. Which is why we recently gathered three federal IT leaders to talk about cybersecurity and how they’re safeguarding their agencies in an era of emerging threats.

This panel discussion last month was fascinating, with success stories on what they’re doing to protect networks, as well as the biggest challenges for how to stay ahead of the threats. I picked up on a few themes important for companies selling cybersecurity solutions to agencies:

Read more of this post

%d bloggers like this: