WASHINGTON—Secretary of Homeland Security Jeh Johnson announced today that the Department of Homeland Security (DHS), through the General Services Administration (GSA), has awarded three orders under the Department’s Continuous Diagnostics and Mitigation Program (CDM), making CDM tools and services available to 17 additional Federal agencies. DHS has now made CDM available to 97 percent of the federal civilian government.
“These awards constitute another major step forward in providing the entire federal civilian government with the ability to identify, prioritize, and fix the most significant problems on their networks in near-real time,” said Secretary Johnson. “With the continued implementation of CDM, agencies will be able to monitor networks internally for vulnerabilities that could be exploited by bad actors that have breached the perimeter. Together with the EINSTEIN system’s intrusion detection and prevention capabilities, CDM enhances the sophistication of our cyber defenses as a whole, and provides DHS with situational awareness about government-wide risk.”
In July, Secretary Johnson announced that he had directed that CDM tools be made available to 97% of the federal civilian government by the end of this Fiscal Year. The award of these three orders accomplishes that goal.
The CDM program is part of the Department’s approach to provide a common baseline of cybersecurity across the Federal civilian government. Each Federal department or agency is responsible for its own cybersecurity. DHS has the operational responsibility for protecting federal civilian systems from cyber threats, helping agencies better defend themselves, and providing response teams to assist agencies during significant incidents. Most cybersecurity incidents are caused by common, recognizable, and fixable issues. These include vulnerabilities or improper configurations in computers or software – one of the focuses of this CDM award. By continuously monitoring for these issues, Federal agencies can implement necessary fixes before damaging incidents occur. However, effectively identifying and mitigating such risks requires that agencies are able to monitor their entire network, view identified issues in a prioritized and actionable manner, and receive guidance on the most significant risks.
CDM addresses each of these considerations by providing:
- Individual agencies with commercial tools that continuously scan for cybersecurity risks;
- Individual agencies with dashboards that visualize specific risks and identify key trends; and
- A Federal dashboard that allows DHS to view and analyze government-wide risk data at a summary level.
These awards mark the third, fourth and fifth (of six) awards under the Continuous Monitoring as a Service (CMaaS) Blanket Purchase Agreement (BPA) providing continuous diagnostic tools and integration services to Federal civilian agencies. Beyond Federal agencies, state, local, tribal, and territorial government partners are also able to purchase CDM tools directly from the GSA contract.