On the heels the Department of Homeland Security’s disclosure that it will award three massive cybersecurity contracts this summer for its Continuous Diagnostics and Mitigation program, federal officials said the agency will soon hear vendor pitches for products to serve the data protection phase of the program.
Terence Rountree, deputy director of the General Services Administration’s Office of IT Security Services, said Thursday that DHS will be evaluating CDM Phase 4 solutions for its approved products list starting the week of July 2.
“They are going to be accepting Phase 4 data protection under the emerging tools and technology area,” he said, speaking at GSA’s IT Acquisition Summit in Atlanta.
Phase 4 is focused on protecting data through a host of cyber sensors and other products.
Phases 1, 2 and 3 addressed asset and user management and data dashboards to monitor network activity. Phase 3 is nearing completion next month with 23 CFO Act agencies expected to report their network data to a central federal CDM dashboard.
DHS’s process for the approved products list involves a monthly assessment where agency officials determine which solutions to add to a CDM contract maintained by GSA.
If the products offered by vendors are approved by DHS and meet CDM’s technical requirements — which include elements like supply chain risk management protocols — then GSA will offer them for sale to federal, state and local agencies through the contract.
The evaluation comes following CDM lead Kevin Cox telling attendees Wednesday at the Forcepoint Cybersecurity Leadership Forum, produced by CyberScoop and FedScoop, that DHS will award new cybersecurity contracts this month, expected to be worth a combined $1 billion.
Rountree also addressed GSA’s “Highly Adaptive Cybersecurity Services” offering, saying that that contract “may be evolving.” He directed agency leaders and industry stakeholders to provide their input on how to make the contract better through a request for information issued last month.