CDM Frequently Asked Questions

Consistent with the federal government’s four-year development of the Information System Continuous Monitoring (ISCM) methodology, the CDM program is a dynamic implementation approach to fortifying the cyber security of computer networks and systems.

The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, by identifying and ranking problems for priority resolution.

The CDM program helps standardize security monitoring across the federal government. CDM’s intent parallels national priority for hardening defenses in federal networks. CDM has a number of benefits beyond those associated with certification and accreditation and continuous authorization supporting the Federal Information Security Management Act (FISMA) of 2002. CDM offers commercial off-the-shelf (COTS) tools, with robust terms for technical modernization as threats change.

The CDM program defends federal government IT networks from cyber security threats and enhances risk-based decision-making within agencies, and across the federal government. CDM utilizes tools and services to improve agencies’ abilities to analyze critical security-related information. Continually monitoring networks for flaws and anomalies will alert network managers to attacks and intrusions, thereby enabling faster responses to fix vulnerabilities that allow attacks.

In partnership with the General Services Administration (GSA), the Department of Homeland Security (DHS) is structuring acquisition vehicles on behalf of federal civilian departments and agencies. Additionally, in its comprehensive cyber-defense role, DHS will make CDM tools and services available for use by defense organizations, in addition to state, local, regional and tribal (SLRT) governments.

CMaaS BPA participants achieve cost savings through tiered-price and task-order discounts, enabling scarce resources to be spread further. This strategy results in an enterprise approach to continuous diagnostics, including consistent application of best practices.

The CDM Dashboard will identify and prioritize cyber problems for action at the department/agency level. Summary information will feed into a federal dashboard, which provides situational awareness of the government wide network security status.

In 2010, the Office of Management and Budget delegated DHS to oversee and assist governmentwide and agency-specific efforts to provide adequate, risk-based, and cost-effective cybersecurity. Through its authority, DHS will ensure that the program is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions to improve the speed of procurement and achieve strategic sourcing discounts.

The CDM Program Management Office is supporting participating agencies through web-based toolkits, customer representative meetings, and agency-dedicated CDM advocates.

The Continuous Diagnostics and Mitigation (CDM) program is designed to rigorously ensure privacy. Review of all technical proposals from among the winners of the CMaaS contract were found to strictly adhere to public safety, and the related design criteria necessary to fulfill critical Homeland Security mission requirements for information assurance.

Data sent from local department and agency (D/A) networks to DHS does not include any Personally Identifying Information (PII); data about specific D/A computers, applications or user accounts; and data about the specific cybersecurity flaws on these computers or applications.

The CDM program helps federal agencies automate the FISMA reporting process. Agency-level CDM dashboards will automatically gather and report some of the FISMA-required information to the federal dashboard; the federal dashboard will then report this information to the CyberScope data reporting application that is managed by DHS.

Contact cdm@gsa.gov and request a Delegation of Procurement Authority (DPA).

Federal department and agencies, state, local, regional, and tribal governments, as well as other organizations authorized by GSA Order 4800.2H Eligibility to Use GSA Sources of Supply.

The normal contract approval time-frame for modifications and new offers is 16 days and 110 days, respectively. Using the FASt Lane process, those periods can be reduced to 48 hours and 45 days, respectively.

Requests for a product to be added to the CDM APL can be submitted during the first business week of each month. All updates to the CDM APL will occur by the end of each month. Any product conformance/package completion issues and/or delays in handling inquiries can delay the CDM APL approval process.

Contractor teaming arrangements are not conducted at the SIN level. Orders currently or in the process of being placed at the BPA level can possibly retain teaming arrangements.

The requirements for the new 132-44 CDM Tools SIN, mirror those of the 132-8 Purchase of New Equipment SIN, with the APL being the added exception. Authorized dealers or suppliers need to obtain Letters of Supply from the appropriate manufacturer in order to list their products on the 132-44 CDM Tools SIN.

Current BPA CDM products will be listed on the CDM APL. New product enrollment requires submission of an evaluation package to DHS for review. DHS examines the product for conformance and technical capabilities. Approval requires a completed package that includes company/product information, supporting documentation (VPATs, EULAs, SCRM plan, etc.) and addressing of mandatory requirements, as applicable.

print Share Icon Last Reviewed 2017-08-13