A DHS briefing on real-time cybersecurity monitoring (DHS via Flickr)
CDM SIN- EZGovOpps has covered the latest Special Item Numbers (SINs) added to IT Schedule 70 including the HACS cybersecurity SIN, a new Health IT SIN, and a proposed “Earth Observation Solutions” SIN for GIS-related products and services. Now, GSA has released a Request for Information (RFI) to gather input on a possible SIN for Continuous Diagnostics and Mitigation (CDM), real-time cybersecurity tools needed to “safeguard, secure and strengthen cyberspace and the security posture of Federal networks.” This will build off of the current GSA partnership with DHS (the agency with authority to enhance Federal CDM capabilities), the CDM Program Blanket Purchase Agreement, which expires in 2018.
The CDM BPA
In 2012, the Office of Management and Budget decided that continuous monitoring, a real-time cybersecurity method defined by the National Institute of Standards and Technology as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions,” should be a cybersecurity priority for Federal agencies. To that end, DHS established the CDM Program to implement the installation and use of CDM technologies, enabling “government entities to expand their continuous diagnostic capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts.”
Working with the GSA, DHS created a CDM government-wide acquisition contract (GWAC), as a blanket purchase agreement (BPA), in 2013. Awarded with a ceiling of $6 billion, the has a 5-year period of performance, allowing for Federal, state, and local agencies to procure 15 CDM capabilities (also known as Tool Functional Areas) currently divided into 3 phases, from 17 contract holders:
| CDM BPA Awardees | Current DHS/CDM Model |
|
Phase 1:
Phase 2: Least Privilege and Infrastructure Integrity
Phase 3: Boundary Protection and Event Management for Managing the Security Lifecycle
|
The CDM SIN
With the success of the BPA, and a continuing need for CDM-upgrades after the contracts end in 2018, and a 2015 “Cybersecurity Sprint” plan which calls for a further-accelerated deployment of CDM capabilities, the GSA is working with DHS on the idea to create a SIN for CDM tools on IT Schedule 70. The partners intend to provide the same 15 Tool Functional Areas, but they would be grouped into 5 categories under the planned SIN, for easier company access and easier agency acquisition. Beyond improving the agency and company access to these solutions, GSA also hopes that a SIN would make it easier to provide new and innovative solutions to CDM, and provide new mechanisms for easier approval of CDM solutions for accession to an “Approved Product List (APL).”
Responses to the RFI are due on April 5, and must be submitted through this form. The GSA, through this RFI, has a particular interest in: learning industry thoughts on the proposed SIN, and understanding how CDM solutions are currently provided on IT Schedule 70.
Other GWACs have begun to compete with IT Schedule 70, as EZGovOpps recently noted, and EZGovOpps believes that IT procurement will only continue to grow in size and scope. In a time when Federal procurement is becoming more competitive and less predictable, a market intelligence platform like EZGovOpps can provide the information needed to follow procurement trends, produce personalized opportunity forecasts, and provide custom analyst-updates for a complete understanding of the Federal contracting market today.
Don’t forget to view our full GovCon News section for more intel.
Published March 29, 2017