The General Services Administration gave agencies more detail about its highly anticipated new special item number for the governmentwide Continuous Diagnostics and Mitigation program Monday.
CDM, which is administered by the Department of Homeland Security, provides federal agencies real-time cybersecurity protection and response tools.
The CDM tools are currently provided through a blanket purchase agreement provided by GSA, but agency officials anticipate rolling out a new SIN to offer them on the agency’s IT Schedule 70 — a $15-billion contract vehicle — sometime this summer to streamline the acquisition process.
GSA and DHS officials hosted a webinar Monday on what to expect from the forthcoming SIN. Here are the important takeaways:
Products need DHS approval to appear on the SIN
CDM products currently offered in the blanket purchase agreement will automatically be offered on the new SIN, but DHS officials said new products will first have to be added to its approved products list.
This means that contract holders will have to submit each new product to DHS approval before trying to use it under the newest SIN. It won’t matter if other contractors have already submitted the same products, said Cristen Cole, deputy section chief of acquisition and requirements management at CDM’s program management office.
New submissions will be accepted on the first five business days of each month and will need to include documentation of Section 508 compliance, GSA-approved commercial supplier agreement terms, a cyber supply chain risk management plan and other items.
The SIN will offer FASt Lane contracts
Once new CDM tools clear the APL process, GSA officials said they will use the FASt Lane program to award contracts within 45 days and issue modifications within two days.
GSA introduced the FASt Lane program in April 2016 as part of its Making It Easier initiative, which is meant to simplify the language around its IT Schedule 70 offer process to new vendors, and ease the burden for those innovative up-starts to get on board the acquisition vehicle.
Contractors wanting to utilize the FASt Lane option will need approved commercial supplier agreement terms and a letter of supply to participate.
Services and the related products must be bundled for approval
GSA officials said services contractors that are looking to provide on the SIN — such as penetration testing or systems integration — will be tied to APL approval of the related products.
“So, you couldn’t just have a service like an [Information Technology Professional Services] 132-51 SIN,” said Anissa Burley, GSA’s branch chief of the Office of IT Schedule 70 contract operations in the IT services contract division. “It has to be a service that is a part of your [total submission] when it comes to your CDM tools.”
GSA originally issued a request for information about the proposed CDM SIN on March 22 with a targeted debut set for this summer. Agency officials reiterated the summer goal on the webinar, but they didn’t offer a specific target date, saying only that modifications would be processed in August.