Countdown to launch of CDM dashboard begins

The first iteration of the cybersecurity dashboard under the continuous diagnostic and mitigation (CDM) is scheduled to be released this month.

The Homeland Security Department and the General Services Administration plan to roll out the three components of the Arrow Electronics tool that is based on the RSA Archer eGRC platform to task order awardees under the CDM program in August, according to a DHS/GSA PowerPoint presentation detailing the program’s plans obtained by Federal News Radio.

The dashboard modules include a federal enterprise management module, a continuous monitoring module and an on-demand applications (ODA) capability, the presentation stated.

GSA and DHS also said they will release updated versions of the dashboard every six months going forward.

As for the governmentwide dashboard, GSA and DHS say the initial version should be ready in the second quarter of 2016. Each agency will have one enterprise license, but multiple instances of the application are possible, the presentation stated.

So far, GSA has awarded task orders to provide assorted CDM services under phase one to eight agencies. Knowledge Consulting Group is the contractor for DHS headquarters, while Booz Allen Hamilton is handling the delivery of services to the departments of Agriculture, Energy, Interior, Transportation and Veterans Affairs, and the Office of Personnel Management and the Executive Office of the President.

Awards for agencies under Group C — the departments of Commerce, Justice, Labor, State and the Agency for International Development — and Group D — the departments of Health and Human Services and Treasury, GSA, NASA, Postal Service and the Social Security Administration— are expected to be awarded as early as Aug. 24, said one industry source.

DHS and GSA also are preparing for the first task order under phase 2 of the program. The presentation says the goal is to release the first request for quotes in the first quarter of 2016.

Phase 2 includes five services, access control management, security-related behavior management, credentials and authentication management, privileges and boundary protection.

This post is part of Jason Miller’s Inside the Reporter’s Notebook feature. Read more from this edition of Jason’s Notebook.

Related Stories