Hewlett Packard [HPQ] has provided details on the software it will be offering under a $32.4 million contract with the Department of Homeland Security (DHS) as part of its Continuous Diagnostics and Mitigation (CDM) program, the company said Wednesday.
HP received the lion’s share of the first CDM task order awarded in January, but it has not commented on its software offerings until this week. The company said it will be providing HP WebInspect and HP Fortify Static Code Analyzer (SCA) to interested federal agencies. WebInspect mimics hacking attacks to enable agencies to analyze their applications and services for vulnerabilities. SCA scans and analyzes software code, allowing agencies to identify gaps at the code level.
HP called the award the “largest acquisition of software security assurance tools worldwide” in a statement.
“As one of the first companies to begin work under the CDM program, HP is well positioned to help agencies enhance their security arsenal by performing analysis, reporting and threat mitigation on their core software assets,” said Al Kinney, HP’s vice president for the Cybersecurity Solutions Group, U.S. Public Sector.
January’s award for software licenses to 33 federal agencies totaled to $60 million. In addition to HP,
Northrop Grumman [NOC] received a task order for $15.8 million, Knowledge Consulting Group (KCG) for $8.5 million and Technica for $3.8 million. (Defense Daily, January 16, 2014)
CDM is part of a government-wide effort to move from periodic checks of networks to continuous security. Last August, DHS and the General Services Administration (GSA), which administers the task orders, announced the selection of 17 vendors eligible to sell products and services under a $6 billion blanket purchase agreement.
DHS has not yet made public which agencies will be buying as part of the initial task order, but John Streufert, the agency’s director of Federal Network Resilience, said 124 civilian agencies have signed memorandums of agreement to work with CDM. While DHS is primarily responsible for the .gov domain, the Department of Defense and the Intelligence Community may also purchase products and services through CDM. (Defense Daily, January 30, 2014)