The General Services Administration (GSA) will be awarding the remaining first phase orders of a cyber security program aimed at interior protection for federal civilian agencies within the next 90 days, a GSA official said at a conference on Tuesday.
GSA is managing the acquisition of the Continuous Diagnostics and Mitigation (CDM) program for the Department of Homeland Security, which is overseeing implementation of the security effort.
The GSA expects task orders 2C through 2E, the balance of CFO Act agencies for phase 1, to be awarded in the next 90 days, Jim Piché, group manager of Federal Systems Integration and Management Center (FEDSIM) at GSA, said at the Federal IT Acquisition Summit.
This will consist of about $100 million worth of contracts under the CDM Blanket Purchase Agreement (BPA), Piché said.
Phase one of the CDM covers basic security monitoring services and manages assets. This includes foundation, hardware and software asset management, security configuration management, and vulnerability management. Phase two will focus on identity management, managing accounts for people and services. Phase two will ensure specific users on agency networks are authorized to be in certain areas of the networks.
The CDM program is potentially worth upward of $6 billion, although only $130 million in awards have been made before task order 2C.
Task order 2A was awarded to Knowledge Consulting Group (KCG) for nearly $30 million in February, covering DHS and its components. Task order 2B was awarded to Booz Allen Hamilton [BAH] for over $39 million in April, covering the Departments of Agriculture, Energy, Interior, Transportation, the Veterans Administration, and the Office of Personnel Management (Defense Daily, April 15).
Piché also said Phase 2 products will be on the BPA within about the next 30 days.
Task order 2F is going to be different from the other Phase 1 awards, Piché said. This final phase 1 award, because it is so far down the road, will include all of the small micro agencies and will provide CDM as a service, delivered over a virtual private network (VPN) to each agency.
2F will also be both Phase 1 and Phase 2 because the GSA will have Phase 2 products on the BPA by then. “So for these small micro agencies, they’re going to go not only from managing the components of their network but also the roles and the access of the network as well. Right from their very first delivery order. Task order 2F is exciting for us,” Piché said.
Order 2F is expected to be released in the first part of FY 2016.