The much-anticipated first award under Phase 1 and task order 2 of the continuous diagnostics and mitigation (CDM) program finally is out.
Knowledge Consulting Group will implement tools and services from three vendors on the Homeland Security Department’s network.
According to the award notice obtained by Federal News Radio, KCG received a $29 million contract to implement McAfee’s vulnerability manager and ePolicy Orchestrator tools, ForeScout’s CounterACT’s tool for network access control and Splunk’s big data analytics software.
“This is in order to fill gaps in DHS’s existing continuous monitoring services by installing tools and sensors to reach a common set of capabilities,” the award notice stated.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
One vendor said the award shows DHS and GSA are committed to providing a certain level of technology to implement CDM.
“This award is encouraging in the fact it proves the government is actually using a best value determination. This wasn’t a LPTA award,” said the vendor, who requested anonymity because the award wasn’t officially announced.
The General Services Administration, which acts as the procurement arm for DHS, said it received 10 proposals for task order 2A.
Matt Brown, vice president for homeland security at Knowledge Consulting Group, said in an interview that the award is validation of the technical direction of the CDM program.
“The continuous monitoring concept has been around for a while, and the CDM program has a specific level of requirements,” Brown said. “I compare it to the three-pedal car, which used to be developed differently by all the automakers until it was standardized. Continuous monitoring was the same but now you have consistency and standards with DHS defining what it means to be CDM compliant.”
Unsuccessful bidders have three days to request a debriefing and then 10 days after that to file a bid protest. Sources said DHS doesn’t plan to set a start date for the implementation of the tools until the protest window closes.
“CDM provides an integrated way to assess, prioritize and manage cyber risk. And understanding and prioritizing risk is what the NIST cybersecurity framework is all about. You have to know what your biggest risks are before you can decide how best to protect them,” said Patrick Flynn, Intel Security director of homeland and national security programs, in a statement. “Another benefit of CDM is that it will provide standardization of information, operations and tools across federal agencies. There are a lot of cybersecurity technologies in place across the government today, but they’re not always coordinated and integrated. Integration of cyber tools is essential if we’re going to protect agencies against breaches. At Intel Security (formerly McAfee) we spent years preparing for CDM and developing new tools to meet the government’s needs.”
The award comes as GSA also is facing an agency-level pre-award protest as of Jan. 30 on the task order for Group B, which likely includes the departments of Energy, Transportation, Agriculture and Veterans Affairs.
GSA asked vendors to validate their bids for task order 2B until April 1.
DHS worked with agencies to group them by cyber needs and architectures.
Brown said DHS detailed the schedule for next set of task orders. As Group B goes through the protest, vendors are finalizing their bids, which are due in the next two weeks, for Group C, working on the task order for Group D, which are due at the end of March or early April and in the early stages of preparing their proposals for Group E, which are due at the end of April or early May.
“DHS encouraged the teaming of vendors under the BPA because of extent of work coming for phase 2,” Brown said. “We knew the task order to support DHS would be highly competitive as most companies which originally went after the CDM contract had DHS focused teams.”
Recently, Grant Schneider, a federal cybersecurity adviser within the Office of Management and Budget, said these tools will integrate with the recently awarded agencywide dashboards.
The award to KCG was the third one under the $6 billion CDM program. DHS/GSA awarded $60 million in tools in January 2014 and then the agency-level dashboard late in 2014.
But this deal was the first of seven contracts for tools and services under CDM, which the 17 vendors are most excited about.