While threats to our most critical systems increase, agencies face ongoing challenges to keep IT assets safe from adversaries. On August 11, 2018, the continuous diagnostics & mitigation tools continuous monitoring as a services (CDM/CMaaS) blanket purchase agreements (BPAs)expired and were replaced by a new special item number (SIN) on IT Schedule 70: The CDM Tools SIN (132-44).
The CDM Tools SIN on IT Schedule 70 provides agencies with easier access to a governmentwide set of information security continuous monitoring (ISCM) tools.
The CDM Tools SIN also:
Here are five considerations for choosing the CDM Tools SIN, when implementing your system security plans and IT security solutions:
Our CDM Tools SIN provides agencies with products and associated services that monitor and report into their CDM agency dashboard. It also allows them to manage:
GSA’s partnership with DHS ensures that the products available on the CDM Tools SIN have gone through a sophisticated vetting process. They are added to DHS’s CDM approved products list (APL) before being added to the CDM Tools SIN. Products on the APL are consolidated and categorized for ease of discovery.
The APL is the authoritative approved product catalog for products that meet the department’s CDM requirements. DHS reviews new products every month, allowing for new and emerging products to become part of the CDM marketplace. Once approved and placed on the APL, vendors can apply to IT Schedule 70 to sell their new product on the SIN.
Federal agencies can use the CDM Tools SIN; state, local, tribal, and territorial government entities can also access the CDM Tools SIN through GSA’s Cooperative Purchasing Program.
The SIN is also available to Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) awardees purchasing CDM tools, the Department of Defense, and other organizations that can use IT Schedule 70.
The CIO Council recently published the CISO Handbook to give chief information security officers (CISOs) important information they need to implement federal cybersecurity at their agencies. The CDM tools SIN is called out as a resource for CISOs to address federal cybersecurity requirements.
Agencies use CDM Tools to comply with various federal mandates and to strengthen their network defenses through sustained monitoring of network activity and automatic identification and prevention of any activity determined to be unauthorized.
GSA makes it easy to access these tools through the www.gsa.gov/cdm webpages, featuring an ordering guide and links to GSA eLibrary’s CDM Tools page. We update the site every month with the new DHS Approved Products List. We also feature a guide for industry vendors interested in applying to sell products on the CDM Tools SIN.
For more information on the CDM Tools SIN, visit www.gsa.gov/cdm, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.
Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.
Views: 1931