Agencies Can Add to Their CDM Rollouts If They Foot the Bill

Malochka Mikalai/

Rather than wait for funding through the Homeland Security Department, agencies can use a particular task order modification to get what they need, when they need it.

Federal agencies are in the midst of deploying some $3.2 billion worth of cybersecurity tools purchased through a program managed by the Homeland Security Department and General Services Administration. But some agencies find the money isn’t flowing fast enough and want to supplement their scheduled purchase with their own funding

The Continuous Diagnostics and Mitigation program, or CDM, was established to help federal agencies get access to cybersecurity tools more quickly than they could through traditional contracting methods. That speed element was enhanced when program officials switched to a different acquisition model—called the Dynamic and Evolving Federal Enterprise Network Defense, or CDM DEFEND.

The initial awards and acquisitions through CDM DEFEND have been largely successful, according to Jim Piche, the homeland sector director for FEDSIM, an acquisition assistance outfit within GSA. But funding for the program is incremental, which means agencies can only receive tools as they are scheduled to deploy. Additional tools an agency might want to add to its rollout wouldn’t be covered by available CDM funding.

In order to circumvent this issue, program officials are enabling agencies to use requests for services—a form of task order modification.

“CDM DEFEND is a task order solution. The task order is written and covers the entire scope of CDM for the entire lifecycle for everything you could operationally think of around cybersecurity,” Piche said during a Nov. 28 talk at FCW’s Big Issues: CDM conference. “Agencies might have other vulnerabilities that they need covered or they’re going to accelerate their implementation at a different pace. They can provide their own funding via this RFS process and get the additional work done when they need to get it done.”

Piche noted the RFS process is not arduous and can be done by CDM acquisition officials or by agencies. Once the request is submitted, GSA contracting officers go through a review process to ensure it is within the scope of CDM.

Once approved, the RFS is integrated into the agency’s rollout plan as a task order modification.

“The request for service is just a way for anybody to onboard CDM work onto the task order,” Piche said.

The RFS change order approval process currently sits at about six weeks, though Piche said they are working to get that down to less than 30 days.