Helping Federal Agencies with CDM Prioritization and the Request for Service (RFS) Process

This content is provided by FireEye

DHS’s Continuous Diagnostics and Mitigation (CDM) program is pivotal to improving government cyber security. The CDM program has entered Phase 3, moving from discovery and management of government networks to active defense and response. This phase focuses on monitoring what is actually happening on the network, offering federal agencies the opportunity to significantly advance the capabilities of their cyber security programs.

The contract/task order component of Phase 3, known as Dynamic and Evolving Federal Enterprise Network Defense (DEFEND), includes professional expertise to understand what is happening on networks and effectively respond to security incidents. It’s important to understand that the CDM program is about a lot more than access to better cybersecurity tools. The program also delivers vital training and services, provided by approved contractors.

FireEye is working closely with agency cyber leaders as they look to meet the Phase 3 requirements:

  • Identify integrated solutions to address identified cyber program capability gaps.
  • Identify the training and services to support the identified solutions and ensure successful adoption of new capabilities.
  • Adopt and leverage actionable cyber intelligence to improve protection, event identification, response, and recovery.
  • Establish as-needed, on-demand, cyber security surge capabilities to easily address urgent skill shortages during event responses.

The specific process through which these tools and training can be delivered through CDM is known as a Request for Service (RFS). An RFS can cover both products and services. It needs to explain what the agency is trying to accomplish and map that security objective back to CDM Phase 3 requirements. Products and services identified in an RFS must be on the CDM Approved Products List (APL) to qualify for possible off-setting funding from DHS.

FireEye has been helping government customers mature and streamline their cyber operations for over a decade. This support includes working with many agencies to successfully manage the RFS process, including identifying cybersecurity vulnerabilities and aggregating the necessary RFS documents for agency leadership review and subsequent submission.

FireEye recommends that agencies use the RFS process to:

  • Reassess, and then reprioritize, their current security gaps in alignment with the CDM Phase 3 requirements;
  • Acquire expert services to:
    • Redesign, implement, and optimize cyber workflows
    • Conduct advanced training on new solutions
    • Establish regular attack simulations
  • Acquire access to highly skilled cyber experts in an “on-demand” fashion.

The vision and mission of the CDM program is further supported by the Continuous Monitoring capabilities of FireEye’s new Security Instrumentation Platform solutions.  These Security Instrumentation capabilities came to FireEye through the acquisition of Verodin. Verodin enables the continuous monitoring of live security controls. Using the Verodin Security Instrumentation Platform (SIP), organizations and government agencies can quantifiably validate if their controls are actually protecting critical assets as intended, then apply FireEye protection where its most urgently needed.

Multiple FireEye products and services map to specific CDM DEFEND program capability requirements such as Boundary Protection (Bound), Event Management (MNGEVT), Operate, Monitor and Improve (OMI) and Design/Build-In Security (DBS).

FireEye is working with many agencies to help them take maximum advantage of the opportunities made available through the CDM program. If your organization would like to understand how FireEye can help you fully leverage CDM to help meet your cyber goals, visit us at

Tom Topping is Sr. Director of Strategic Initiatives & Programs at FireEye, an intelligence-led security company.