The General Services Administration (GSA) plans to host an industry day next Monday to discuss plans for a new contract schedule that federal agencies would use to acquire cyber security tools for monitoring their networks.
The agency is proposing a Special Item Number (SIN) on government-wide contracting vehicle called Schedule 70 so that federal departments and agencies could acquire Continuous Diagnostics and Mitigation (CDM) tools for their networks. GSA has a Blanked Purchase Agreement (BPA) with 17 vendors for the acquisition of the CDM products. The BPA expires in August 2018.
The April 17 industry event will be held at the GSA’s offices in Washington, D.C. The purpose of the meeting is to raise awareness of the expiring BPA and how GSA is working with the Department of Homeland Security to develop the CDM Tools SIN. GSA also said that the event will provide information about the CDM program and the SIN product qualification requirements through the DHS Approved Products List process.
In March, GSA released an information request to industry and relevant stakeholders on the proposed CDM SIN.
DHS manages the CDM program and GSA is responsible for establishing the acquisition structure for agencies to buy the cyber tools.
The CDM program is being rolled out in four phases. The first phase is focused on tools for better understanding the hardware, software and configuration settings on networks and on vulnerability management. The second phase is focused on access control, credentials and authentication, privileges, and security-related behavior.
Phase 3 consists of boundary protection and event management throughout the security life-cycle, and the fourth will focus on protecting data on networks.