Continuous Diagnostics & Mitigation (CDM) Program

The Continuous Diagnostics and Mitigation (CDM) program helps strengthen the cybersecurity of government networks and systems. CDM provides federal agencies with capabilities and tools that

  • Find cybersecurity risks on an ongoing basis;
  • Prioritize these risks based upon potential impacts; and
  • Enable cybersecurity personnel to focus on the most significant problems first.

For CDM Tools Special Item Number (SIN) 541519CDM Information for Ordering Organizations.

For CDM Tools SIN Information for Vendors.

Get more information on the CDM Program.

Key Program objectives are to:

  • Reduce agency threat surface;
  • Streamline Federal Information Security Modernization Act (FISMA) reporting;
  • Increase visibility into federal cybersecurity; and
  • Improve the ability to respond to federal cybersecurity issues.

We provide both products and services to meet the CDM mission:

  • Products - CDM Tools SIN* on the Multiple Award Schedule (MAS) Information Technology; and
  • Services - a series of task orders referred to as CDM Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) against the Governmentwide Acquisition Contract (GWAC), Alliant.

*Only CDM program validated products on the Approved Products List (APL) can be offered on the CDM Tools SIN. The Information for Vendors webpage has APL facts and submission instructions for new products.

In August 2013, the Department of Homeland Security (DHS) in partnership with the General Services Administration (GSA) established governmentwide Blanket Purchase Agreements (BPAs) under Multiple Award GSA IT Schedule 70.

The BPAs, known as the CDM Tools/Continuous Monitoring as a Service (CMaaS) BPAs, provided a consistent governmentwide set of information security continuous monitoring (ISCM) tools and services at a reduced cost that enhances the government's ability to identify and mitigate the impact of emerging cyber threats. The BPA offered 34 tiered price bands, providing for cumulative quantity discounts for each product available for purchase. The CDM Tools/CMaaS BPAs expired in August 2018 and was replaced with the CDM program’s new acquisition strategy.

CDM delivers capabilities to agencies across all aspects of the program and at varying timelines, tailored to best meet agency readiness and agency specific needs.

These capabilities are outlined in two volumes:

For more information on CDM capabilities, please visit the DHS CISA CDM Website.


Agency Contacts

The shortcut to this page is

Last Reviewed: 2022-01-12