It’s really no surprise the General Services Administration and the Homeland Security Department chose the Alliant — and eventually the Alliant 2 —governmentwide acquisition contract to host the future of the continuous diagnostics and mitigation (CDM) program.
Since GSA awarded Alliant to 59 vendors in 2009, it has been a popular contract for buying complex technology services. Since 2009, agencies have awarded $15.5 billion worth of contracts across 756 task orders, including $3.4 billion in fiscal 2016.
GSA and DHS expect to add another $2.75 billon to $3.4 billion through the new CDM task orders called “DEFEND.” One industry source said this figure was probably the biggest surprise of the industry day.
Another industry source familiar with CDM, but didn’t attend the industry day, said it looks like GSA and DHS were better organized and prepared for this part of the update to CDM. GSA and DHS announced earlier this year it was changing their approach to the cyber program when the contract expired in August 2018.
The first details about the new approach came in April, when GSA and DHS held an industry day describing the process for vendors to get on the Special Item Number (SIN) for CDM products under GSA Schedule 70. Some in industry said the approach needed more clarification.
At this second industry day on May 15, GSA and DHS offered the first details of their plans for the long-term support and Phases 3 and 4 of CDM for Alliant vendors.
In slides obtained by Federal News Radio, GSA and DHS said the scope of DEFEND will focus on four areas:
Support existing CDM solutions at agencies;
Expand CDM capabilities to include CDM Phase 3 and Phase 4 functionality;
Provide the ability to supply a full CDM Solution to entities within an agency that did not participate in other phases of the task orders, including those for credentials and authentication management (CRED), and privileges (PRIV) management services;
Support other federal and CDM needs at agencies.
Under DEFEND, GSA and DHS are planning five task orders, including program management, dashboard and solution support, capability gap fill and expansion, agency support services and cybersecurity surge and incident support services.
Within the agency support services category, GSA and DHS will ask vendors to provide everything from operation and maintenance services, to governance to training, to asset management, to security accreditation, to strategic and programmatic support.
GSA and DHS say using Alliant and eventually Alliant 2 will let them utilize “flexible contract types for a longer period of performances.”
“The government will provide an estimated value for the tools and other direct costs (ODCs) contract line item numbers (CLINs), which will allow more flexibility during project execution as vendors will not be tied to a pre-award bill of materials (BOM),” the presentation stated.
All task orders will be cost-plus-award fee types and the agency groups will remain intact, with Groups A and B’s contract expected to be one year with five option years, while Groups Base C, D, E and F’s task orders are expected to be one year with six option years.
DHS and GSA plan to release the first task order for Group B, which includes the Executive Office of the President, the Office of Personnel Management and the departments of Energy, Interior, Transportation, Agriculture and Veterans Affairs, in July, and for Group A, which includes only DHS, in August.
In the meantime, GSA and DHS are planning “due diligence” sessions where they can talk with vendors about acquisition strategy, technical challenges and anything to enhance industry’s understanding of DEFEND and encourage more competition.