The Department of Homeland Security (DHS) said Monday it awarded three orders under the Continuous Diagnostics and Mitigation (CDM) program through the General Services Administration (GSA) to make the new services available to 17 additional federal agencies.

The department highlighted with this announcement DHS has made CDM available to 97 percent of the federal civilian government, accomplishing a goal set by Secretary of Homeland Security Jeh Johnson in July in the wake of the Office of Personnel Management (OPM) hacks (Defense Daily, July 8).

iStock Cyber Lock

The CDM program is meant to fix problems within the network perimeters of federal agencies in near-real-time. Whereas the EINSTEIN program guards the perimeter of an agency network like a gateway and perimeter fence scanners, the CDM program monitors within a network for vulnerabilities and suspicious behavior once a bad actor may have breached the perimeter.

“Most cybersecurity incidents are caused by common, recognizable, and fixable issues. These include vulnerabilities or improper configurations in computers or software–one of the focuses of this CDM award,” the department said.

Under the orders Northrop Grumman [NOC] was awarded over $32 million for Task Order 2 Group C on Sept. 8, Booz Allen Hamilton [BAH] received nearly $83 million for Task Order 2 Group D on Aug. 31, and Hewlett Packard [HPQ] got almost $22 million for Task Order 2 Group E on Aug. 31.

These are the third, fourth, and fifth (of six) awards under the Continuous Monitoring as a Service (CMaaS) Blanket Purchase Agreement (BPA) to provide CDM tools to federal agencies, the department said.

This is the second task order under CDM for both Hewlett Packard and Northrop Grumman, with the first awards given in early 2014 (Defense Daily, Jan. 16, 2014).

“These awards constitute another major step forward in providing the entire federal civilian government with the ability to identify, prioritize, and fix the most significant problems on their networks in near-real time. With the continued implementation of CDM, agencies will be able to monitor networks internally for vulnerabilities that could be exploited by bad actors that have breached the perimeter,” Johnson said in a statement.

Homeland Security Secretary Jeh Johnson. Photo: DHS
Homeland Security Secretary Jeh Johnson. Photo: DHS

“Together with the EINSTEIN system’s intrusion detection and prevention capabilities, CDM enhances the sophistication of our cyber defenses as a whole, and provides DHS with situational awareness about government-wide risk,” Johnson added.

With these contracts, awards for phase 1 of the CDM program is complete. This phase covers basic security monitoring services and managing assets.

Phase two will monitor network users to ensure they do not engage in unauthorized activity, focusing on identity management, managing accounts for people, and services. The final phase is planned to access activity within networks to identify anomalies and alert personnel (Defense Daily, June 2).

CDM is set to do this by providing individual agencies with commercial tools to continuously scan for cyber risks and dashboards to visualize risks and identify key trends. The program also provides DHS with a federal dashboard to view and analyze government-wide risk data at the summary level.

Earlier this year task order 2A was awarded to Knowledge Consulting Group (KCG) for nearly $30 million covering DHS and its components. Task order 2B was given to Booz Allen Hamilton for over $39 million covering the Departments of Agriculture, Energy, Interior, Transportation, the Veterans Administration, and OPM (Defense Daily, April 15).

The orders announced, 2C-2E, cover the remaining balance of CFO Act agencies. The final order in phase 1, order 2F, will provide CDM as a service via a virtual private network (VPN) to individual small micro agencies.

In additional to federal agencies, state, local, tribal, and territorial agencies are also allowed to purchase CDM tools directly from the GSA contract.