Strengthening the security of federal networks, systems, and data is one of the most important challenges federal agencies face. Therefore, the General Services Administration (GSA) is changing how it provides access to the Department of Homeland Security (DHS)'s cybersecurity program through the Continuous Diagnostics and Mitigation (CDM) program. GSA's newest Schedule 70 Special Item Number (SIN) 132-44, Continuous Diagnostics and Mitigation Tools, is a dynamic approach to strengthening the cybersecurity of government networks and systems. The jointly administered program by DHS and the GSA currently operates under a Blanket Purchase Agreement (BPA) which will expire in August, 2018. The GSA began the BPA-to-GSA transition process by adding the SIN 132-44 to IT Schedule 70.
What this SIN covers
The DHS and GSA are collaborating to provide federal, state and local partners with tools for network monitoring and analyzing cybersecurity risk threats. The program goals are in the following five categories:
- Manage "What is on the network": Identifies the existence of hardware, software, configuration characteristics and known security vulnerabilities
- Manage "Who is on the network": Identifies and determines the users or systems with access authorization, authenticated permissions and granted resource rights
- Manage "How is the network protected": Determines the user/system actions and behavior at the network boundaries and within the computing infrastructure
- Manage 'What is happening on the network": Prepares for events/incidents, gathers data from appropriate sources, and identifies incidents through analysis of data
- Emerging Tools and Technology: Includes CDM cybersecurity tools and technology not in any other subcategory.
This SIN provides rapid access to DHS-approved commercially available products and associated services while offering flexibility in contract durations, cost efficiencies in data management, and streamlined ordering.
What to do now
To add products and services under SIN 132-44, contractors must first add their products and services to the CDM Approved Product List (APL) by completing a form and filling out a template to identify which proposed items apply to the five subcategories. Once firms have added items to the CDM APL, then Schedule 70 Offers or Add SIN Mods from existing Schedule 70 contractors can be submitted to GSA.
There is a SIN-specific technical evaluation for 132-44 of Product Qualification Requirements. New vendors submitting an offer for a contract and the CDM SIN must provide: (1) Corporate Experience, (2) Past Performance, (3) Quality Control, and CDM Tools SIN Specific Technical Factor of Product Qualification Requirements (CDM APL requirement). Current contractors that have a Schedule 70 GSA contract that want to add the new SIN must provide the SIN Specific Technical Factor of Product Qualification Requirements (on CDM APL) and a modification request to add the new SIN and offerings to GSA.
Tips for contractors:
- Check out the DHS Approved Products List (APL) to see if your potential products are similar to other contractors.
- Work with GSA to assist in review of your CDM documents. This will make adding the new SIN much easier for all involved! Check out the GSA contact information for questions about the CDM Tools SIN on their page dedicated to the program.
- Existing contractors: If not already approved on your contract, send new Commercial Supplier Agreement Terms for review by GSA as soon as possible and obtain Letters of Supply as required.
The CDM program is a great opportunity for contractors affiliated with cybersecurity to have access to GSA's Schedule 70 and gain the opportunity to work in a partnership with the DHS. If you are interested in finding out more about GSA's CDM Tools or applying for an IT Schedule 70 contract, reach out to our team of GSA experts. Contact us today to learn how Winvale can help you acquire a Schedule 70 contract.