Information Technology - IT Security Community

BY BILL ZIELINSKI - OCTOBER 10, 2018

POSTED IN: CYBERSECURITY, TECHNOLOGY

While threats to our most critical systems increase, agencies face ongoing challenges to keep IT assets safe from adversaries. On August 11, 2018, the continuous diagnostics & mitigation tools continuous monitoring as a services (CDM/CMaaS) blanket purchase agreements (BPAs)expired and were replaced by a new special item number (SIN) on IT Schedule 70: The CDM Tools SIN (132-44).

The CDM Tools SIN on IT Schedule 70 provides agencies with easier access to a governmentwide set of information security continuous monitoring (ISCM) tools.

The CDM Tools SIN also:

• Allows for added flexibility and speed to market for emerging technologies related to the CDM Program
• Supports an expanded pool of industry partners offering CDM tools

Here are five considerations for choosing the CDM Tools SIN, when implementing your system security plans and IT security solutions:

1. We’ve made it easier to strengthen your network

Our CDM Tools SIN provides agencies with products and associated services that monitor and report into their CDM agency dashboard. It also allows them to manage:

• What is on the network
• Who is on the network
• What is happening on the network
• How data is protected

2. The Department of Homeland Security (DHS) has vetted all products on the CDM Tools SIN

GSA’s partnership with DHS ensures that the products available on the CDM Tools SIN have gone through a sophisticated vetting process. They are added to DHS’s CDM approved products list (APL) before being added to the CDM Tools SIN. Products on the APL are consolidated and categorized for ease of discovery.

The APL is the authoritative approved product catalog for products that meet the department’s CDM requirements. DHS reviews new products every month, allowing for new and emerging products to become part of the CDM marketplace. Once approved and placed on the APL, vendors can apply to IT Schedule 70 to sell their new product on the SIN.

3. The CDM Tools SIN is open to all GSA IT Schedule 70 users

Federal agencies can use the CDM Tools SIN; state, local, tribal, and territorial government entities can also access the CDM Tools SIN through GSA’s Cooperative Purchasing Program.

The SIN is also available to Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) awardees purchasing CDM tools, the Department of Defense, and other organizations that can use IT Schedule 70.

4. Chief Information Security Officer (CISO) Handbook calls out the CDM Tools SIN

The CIO Council recently published the CISO Handbook to give chief information security officers (CISOs) important information they need to implement federal cybersecurity at their agencies. The CDM tools SIN is called out as a resource for CISOs to address federal cybersecurity requirements.

Agencies use CDM Tools to comply with various federal mandates and to strengthen their network defenses through sustained monitoring of network activity and automatic identification and prevention of any activity determined to be unauthorized.

5. We make it easy for you to order CDM Tools SIN

GSA makes it easy to access these tools through the www.gsa.gov/cdm webpages, featuring an ordering guide and links to GSA eLibrary’s CDM Tools page. We update the site every month with the new DHS Approved Products List. We also feature a guide for industry vendors interested in applying to sell products on the CDM Tools SIN.

For more information on the CDM Tools SIN, visit www.gsa.gov/cdm, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.