Continuous Diagnostics & Mitigation (CDM)
GSA Releases CDM SIN 132-44
GSA just released yet another new cybersecurity related SIN under GSA IT Schedule 70. IT Schedule Solicitation Refresh 44 was issued at 10:25 this morning and includes SIN 132-44, Continuous Diagnostics and Mitigation (CDM) Tools.
GSA has been working with DHS to create the CDM SIN as a replacement for a BPA that expires in August of 2018. The project began with an RFI released in March of 2017, followed by an Industry Day in April, and the posting of draft solicitation changes last month.
What Does the CDM Tools SIN 132-44 Cover?
The CDM Tools SIN 132-44 includes software, hardware, and services that safeguard, secure, and strengthen cyberspace and network security. The following is a description of SIN 132-44 pulled from IT Solicitation Refresh 44: “Includes Continuous Diagnostics and Mitigation (CDM) Approved Products List (APL) hardware and software products/tools and associated services. The full complement of CDM subcategories includes tools, associated maintenance, and other related activities such as training.
The 5 Subcategories CDM Capabilities Specified Under This SIN Are:
- Manage What is on the network?: Identifies the existence of hardware, software,
configuration characteristics and known security vulnerabilities.
- Manage Who is on the network?: Identifies and determines the users or systems with
access authorization, authenticated permissions and granted resource rights.
- Manage How is the network protected?: Determines the user/system actions and behavior
at the network boundaries and within the computing infrastructure.
- Manage What is happening on the network?: Prepares for events/incidents, gathers data
from appropriate sources; and identifies incidents through analysis of data.
- Emerging Tools and Technology: Includes CDM cybersecurity tools and technology not in
any other subcategory.”
Getting on the DHS Approved Products List (APL) & CDM SIN
Like all other IT Schedule 70 SINs, there will be no cap on the number of contractors awarded. Unlike other SINs, CDM offerings must first be approved by DHS and added to the CDM Approved Products List (APL), detailed under Factor 6 in the IT Solicitation. While you can submit GSA IT Schedule 70 modifications at any time, CDM APL submissions will only be accepted from the first Monday through Friday of each month. DHS intends to update the APL by the end of each month.
An APL package, consisting of an APL Submission Form and supporting documentation, must be submitted for each Product Family you wish to add. DHS will conduct an initial review to ensure completeness of the package, followed by a technical evaluation based upon tool capability requirements. If you receive DHS approval and are added to the APL, a courtesy copy will be sent to GSA, at which time you can complete the GSA proposal/modification process.
DHS Approved Products List Form
Your DHS Approved Products List Form will consist of the elements below. Visit www.gsa.gov/cdm to download a copy of the form and instructions, available on the right hand side of the page under “CDM Resources”.
- Offeror Profile
- Product Profile (Manufacturer & Family)
- Supporting Documentation
- VPAT for Each Product
- GSA Approved Commercial Supplier Agreement Terms, also known as End User License Agreement (EULA)
- Supply Chain Risk Management (SCRM) Plan for Each Product Manufacturer to Include:
- Product Assurance
- Counterfeit Avoidance and Mitigation
- Supplier Management
- Insider Threat Management
- Documentation that Supports Submission Can Be Provided to Government
- CDM Common Requirements
- Actual State
- Interoperability (Interop)
- Timeliness and Completeness
- Policy Decision Point
- Tool Capability Requirements for Relevant Subcategories
Whether you currently hold a GSA IT Schedule 70 Contract or need to start the proposal process, Federal Schedules, Inc. can assist your company in pursuing the CDM Tools SIN 132-44. Call us at 703-709-8700 or contact us online.