The Department of Homeland Security expects 17 more Federal agencies to have new task orders finalized by the end of summer to support further rollout of the Continuous Diagnostics and Mitigation Program, according to CDM Program Manager Kevin Cox.
The CDM DEFEND task orders for Groups C, D, and E of the CDM program now have a projected timeframe for when the contracts will go out, Cox said at MeriTalk’s Tenable GovEdge 2018 Conference on May 3.
“Our target for Groups C, D, and E is around the July timeframe,” Cox said. “We could have it late June, and one may be late July, early August.”
Disclosure of the timetable for those groups came on the heels of the Group A task order being awarded to CACI on April 27. The Group B task order was awarded to Booz Allen Hamilton in February. Between those two groups, DHS has awarded CDM DEFEND task orders for seven of the 24 CFO Act agencies. The rest of the bunch appears to be coming along shortly.
The CDM DEFEND task order replaces the previous blanket purchase agreements for CDM that are expiring in August. The new task orders support all phases of the program, but are designed to speed the current rollout of Phase 3, which handles event and incident response on agency networks and boundary protection.
Cox said that the new task orders provide a longer window for contracted services, reflecting lessons learned by DHS since CDM was first introduced
“One of the things that we found with the Phase 1 task orders was that we were going in with a set of work within a constrained time period, three years,” Cox said. “It was a bit of a struggle sometimes to schedule in amongst all the other agency priorities.”
“We took that lesson learned, expanded out the runway with the DEFEND task orders, going from shorter two to three contract periods to six years,” he said.
Within these elongated contracts a flexibility mechanism needed to be built in to tackle evolving threats in cyberspace, Cox said. In addition to the foundational DEFEND task orders–which support existing CDM efforts like agency dashboards–agencies can work with DHS and the General Services Administration to address emerging needs by making additional requests.
“What we do is work with the agencies and industry partners to write requests for service,” Cox said. “We could do a request for service for cloud security, mobile security, for ongoing authorization. That’s what gives us the flexibility over time.”
Cox said his hope is that the new task orders will facilitate the process of extending network oversight beyond on-premises environments and into the further reaches of the network.
“As we move into DEFEND, we’re going to be supporting agencies and getting visibility for information out in the cloud, the mobility environments, and consolidate all of that information into a central location,” he said.