Federal Cloud Computing Strategy [Draft for Public Comment]



Trusted Internet Connections

In 2007, M-08-05 Implementation of Trusted Internet Connections (TIC)3 was released, with the purpose of standardizing the security of external network connections used by Federal agencies while reducing the number of those external network connections. The Trusted Internet Connections policy was established when agencies maintained the majority of their systems within their agency-owned and operated networks, and when networking was constrained by physical limitations. Since then, the technology landscape has changed dramatically with the proliferation of private-sector cloud offerings, the emergence of software-defined networks, and an increase in the mobile workforce. Improvements to security are now driven by standards and secured connections instead of limited physical connections.


ManTech secures $668M CDM contract

From: FedScoop

Written by

The Department of Homeland Security has awarded a $668 million contract to ManTech as part of its efforts to upgrade the Continuous Diagnostics and Mitigation cybersecurity program.

The Fairfax, Virginia, technology company secured the Group E contract of DHS’s Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) program, ManTech officials said Tuesday in a statement. The company will provide cybersecurity services to nine federal agencies.

Read Complete Article


CDM moves to mobile

From: GCN

By Sara Friedman

With the first two phases of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program firmly established on agency networks governmentwide, the CDM team is starting to look into how to monitor mobile devices as well.

“We want to be able to help agencies identify where incidents are, orchestrate those incidents throughout their organization and [send] the information to the [National Cybersecurity and Communications Integration Center],” CDM Program Manager Kevin Cox, said at the Aug. 30 ATARC Federal Mobile Technology Summit. “We also want to add some optimization on the agency response.”


What is CDM and why is it so lucrative for Booz Allen and others?

From: Washington Business Journal

By  – Senior Staff Reporter, Washington Business Journal

Think of it as monitoring as a service, using software and sensors to root out and fix cyber problems in a more proactive way. It’s pumped billions of dollars in task orders to local government contractors.

Read Complete Article [paywall]


DHS awards Booz Allen $1 billion cybersecurity contract

From: Axios

The Department of Homeland Security announced Tuesday it is awarding a $1.03 billion contract to Booz Allen Hamilton to boost cybersecurity vulnerability detection and mitigation in six federal agencies.


How it works: Agencies install network sensors to analyze cybersecurity gaps to help prioritize them. This can include anything from finding out which systems are un-patched to managing cloud security to access privileges to where data is flowing.

Read Complete Article


CDM Bill Is a Small Price for Major Cybersecurity Improvements

From: Nextgov

By Tom Gann

The legislation has the potential to correct many of the shortcomings of the Continuous Diagnostics and Mitigation program’s initial implementation.

Cyberattacks on federal infrastructure continue to be one of the greatest threats to U.S. national security, jeopardizing the integrity of our nation’s data and proving costly for the federal government.

A 2018 report published by the White House Council of Economic Advisers estimates that cyber crime costs the U.S. economy between $57 billion and $109 billion per year, or 0.3 and 0.6 percent of the value of all the U.S. goods and services. Among bills that address cybersecurity, a bill to advance the federal government’s Continuous Diagnostics and Mitigation program stands out as a good bet.


SBA Approach to CDM Challenging Status Quo

From: MeriTalk

The Small Business Administration’s (SBA) Deputy CIO Guy Cavallo and CTO Sanjay Gupta said today at the FCW Cybersecurity Summit that their agency’s unorthodox approach to the Continuous Diagnostics and Mitigation (CDM) Program is yielding a ton of practical benefits, even though it required a bit of a departure from CDM’s initial guidelines.

Now, SBA is providing a new potential model for other agencies – many struggling with the first of CDM’s four phases – to use when considering how to achieve the outcomes the program intends.

Read Complete Article


Booz Allen Hamilton Wins Second CDM Defend Task Order for Group D

From: MeriTalk

Booz Allen Hamilton has won a task order worth up to $1.03 billion to provide services under the Continuous Diagnostics and Mitigation (CDM) Program to CDM’s Group D Federal agencies, according to contracting information on the General Services Administration’s (GSA) Federal Procurement Data System.

Group D includes GSA, the Departments of the Treasury and Health and Human Services, the Social Security Administration, National Aeronautics and Space Administration, and the U.S. Postal Service. The award was made on July 24, according to GSA contract data, and includes a base year with five one-year options, which would bring the program to July 2024 if all options are exercised.


Rep. Ratcliffe introduces bill to modernize DHS’s continuous diagnostics mitigation program

From: Homeland Preparedness News

by Dave Kovaleski


“CDM is a critical component of our national cybersecurity strategy. Supporting DHS Under Secretary (Christopher) Krebs’ effective deployment and ongoing improvement of CDM at NPPD is a top priority of the Cybersecurity and Infrastructure Protection Subcommittee,” Ratcliffe, chairman of the Cybersecurity and Infrastructure Protection Subcommittee on the House Homeland Security Committee, said.

The goal of the bill is to boost the long-term success of the CDM program by making sure it keeps pace with innovative capabilities in the private sector. This will help ensure that CDM continues to evolve and adjust to the changing cyber threat landscape. It will also require DHS to develop procedures for reporting systemic cybersecurity risks and potential incidents based on data collected under CDM.


CGI takes $500M CDM cyber services order

From: Washington Technology

By Ross Wilkers

CGI Federal has won a task order with a potential value of at least $500 million for cybersecurity services to five federal agencies under the government-wide Continuous Diagnostics and Mitigation Program.

This order covers tools and services for departments of Commerce, Justice, Labor and State; plus the U.S. Agency for International Development. Those are “Group C” agencies under the larger $3.4 billion CDM DEFEND umbrella program run by the Homeland Security Department.

Read Complete Article

Older posts «