The General Services Administration (GSA) is on track to award the next round of task orders in January and February 2015 as part of a cyber security monitoring program managed by the Department of Homeland Security (DHS), according to a GSA official.
Bids for Task Order 2A, which covers cyber security-related tools and services for DHS and its components, came in today and an award to a single contractor team is expected in January, Kristen Knapper, director, Civilian Sector of the Federal Systems Integration and Management Center at GSA, tells HSR this month at a cyber security conference hosted by Federal Computer Week.
GSA issued a solicitation on Aug. 18 for Task Order 2B, which will be for similar tools and services for the Departments of Agriculture, Energy, Interior, Transportation, the Executive Office of the President, Veterans Administration and Office of Personnel Management, with an award slated for February, Knapper told attendees. Bids are due in 30 to 40 days and an award to one contractor team is planned, she says.
The task orders will be made under the DHS-managed Continuous Diagnostics and Mitigation (CDM) program, which will allow federal civilian agencies to better monitor their cyber networks for anomalies and problems. GSA and DHS in August 2013 selected 17 teams, each led by a single vendor, to compete for task orders under the potential five-year, $6 billion CDM program.
The CDM program is also available to state, local, regional and tribal governments.
In January 2014 GSA awarded the first CDM task orders, worth a combined $60 million, to four companies to provide sensors that federal agencies could deploy to monitor their networks and respond to malicious traffic. The awardees were Hewlett Packard [HPQ], Knowledge Consulting Group, Northrop Grumman [NOC] and Technica. Those contracts have already resulted in $26 million in cost avoidance through the competitive pricing under CDM, GSA and DHS officials have said.
After Task Order 2B is awarded, GSA and DHS will pause before awarding the next four task orders under phase two of the CDM program, Knapper says. Although acquisition planning has begun for the next four task orders, the pause will allow lessons learned from the first two task orders to be incorporated into the proposals for the succeeding ones, she says.
The four remaining task orders in phase two are expected to move forward in two-week increments beginning next spring, Knapper says. According to Knapper’s briefing charts, the solicitation for the final group will go out late in the third quarter of FY ’15.
Task Order 2C is for the Departments of Commerce, Justice, Labor and State, and the U.S. Agency for International Development. Task Order 2D is for the GSA, Health and Human Services, NASA, the Social Security Administration, the Postal Service and the Treasury Department. Task Orders 2E and 2F cover another 31 departments, agencies and federal entities.
Knapper says the phase two task orders are basically gap fillers, which will help federal agencies get to a minimum baseline of tools and services for cyber security. According to GSA’s CDM website, the main goal of phase two is least privilege, which refers to restricted access to information on a computer network, and infrastructure integrity.
John Streufert, director of Federal Network Resilience within DHS’ Office of Cybersecurity and Communications, tells attendees that DHS is testing a computing security dashboard supplied by RSA, the security division of EMC Corp. [EMC]. He says the commercial off-the-shelf RSA Archer dashboard offered the highest value at the lowest cost.
Streufert says the dashboard, which combined with CDM equals better risk management, will be available for other agencies to purchase. He says agencies will maintain their own dashboards while the federal dashboard will hold only summary data, providing an enterprise risk picture.
The federal CDM dashboard is supposed to give DHS more visibility into the state of network security within each federal agency. Streufert says the dashboard will achieve initial operating capability in Jan. 2015.
More information about the dashboard and the testing will be available in early 2015, he says.
RSA says its RSA Archer software modules allow users to build an efficient, collaborative enterprise governance, risk, and compliance program across information technology, finance, operations, and legal domains.