DHS, in partnership with the General Services Administration, established a government-wide acquisition vehicle for continuous diagnostics and mitigation (CDM). The CDM blanket purchase agreement (BPA) is available to Federal, State, local, and tribal government entities. BPA participants achieve cost savings through tiered-price and task order discounts, enabling more efficient use of scarce resources to be spread further. This strategy results in an enterprise approach to continuous diagnostics, including consistent application of best practices.
CDM Better Protects Government Systems and Privacy
The CDM Program enhances government network security through automated control testing and progress tracking. This approach:
- Provides services to implement sensors and dashboards;
- Delivers near-real time results;
- Prioritizes the worst problems within minutes, versus quarterly or annually;
- Enables defenders to identify and mitigate flaws at network speed; and
- Lowers operational risk and exploitation of government IT systems and networks.
Additionally, for Federal cyber investments, the CDM program fulfills Federal Information Security Management Act (FISMA) mandates.
The Continuous Diagnostics and Mitigation (CDM) program is designed to rigorously ensure personal privacy. Data sent from CDM participant networks to DHS does not include any Personally Identifying Information (PII) or information about specific department or agency computers, applications or user accounts.