Cybersecurity, Federal Government

The Future of the CDM Program


Now more than ever, protecting government networks is of paramount importance. From PHI and PII to national security information, government systems contain sensitive data that must be aggressively defended against continually evolving threats. As connectivity between agencies continues to increase, in compliance with federal policies and regulations, the consequences of an attack – one that could affect multiple departments, countless records and critical security information – also grow.

In response to the evolving environment of cyber threats, the Department of Homeland Security initiated a program in 2013 to fortify federal IT networks from cybersecurity threats. The Continuous Diagnostics and Mitigation program (CDM) and its associated Blanket Purchase Agreement (BPA), offer all federal civilian agencies, as well as state, local, and tribal governments access to continuous monitoring sensors, diagnosis, mitigation tools, dashboards and continuous monitoring-as-a-service (CmaaS). These crucial program tools and services form the foundation for a dynamic, proactive approach to bolstering cybersecurity and have been proven to mount an effective bulwark against the constant barrage of increasingly sophisticated cyberattack methods. Originally, the program was intended to be implemented over the course of three separate phases. The recognition of new and emerging needs since its inception, however, prompted developers to make changes to accommodate those needs. Boundary Protection, for example, with its focus on protecting the network perimeter, was initially conceptualized as a Phase 3 requirement; it is now categorized as its own separate phase. Additionally, new requirements for Phase 4: protecting the data that is on the network, are expected to be released in the near future.

A New Phase in CDM

While solutions for Phase 3 have recently been added to the BPA, they are not yet available for procurement through the BPA funding. The current status of the CDM program is the beginning of Phase 2 implementation. The first P2 Task Order for Privilege Management was awarded to KCG/ManTech; the Task Order for Credential Management is currently under evaluation; and Task Orders for Behavior and Trust Management have yet to be released. Task orders for BOUND, Manage Events, Operate, Monitor and Improve, and Design and Build in Security are still being developed.

Your Partner in Navigating CDM

The CDM Program can be a confusing contract vehicle, but the dedicated CDM team at Carahsoft is here to guide you through the process. The first step toward getting your solutions added to the BPA is being approved on Carahsoft’s GSA Schedule 70. Typically, the CDM Program Office opens a 30-day enrollment window once per quarter. During this time, our team helps to identify which specific tool requirements your solutions meet and assists you with completing the submission documents. Once completed, we will conduct a final review and submit your products for approval.

Carahsoft is proud to offer our CDM solutions through the following partners: BAH, CSRA, HPE, IBM, KCG/ManTech, Kratos, Leidos, MicroTech, NGC, and Technica.

Continue learning more about the CDM program, its changes and how Carahsoft is driving initiatives to enhance the security of federal networks and systems by following the links below:

Related Articles