Jason Miller of Federal News Radio on the TSA and HHS being dissatisfied with CDM and opting to procure their own cyber dashboards:
The hope and expectation of the Homeland Security Department’s continuous diagnostics and mitigation (CDM) program hasn’t diminished as the cyber program has rolled out over the past year.
No bid protests nor miscommunications and have stymied the program, which Congress funded at $183 million in 2014 and the White House asked for another $103 million in 2016.
But two recent agency procurements make one wonder if patience is running short among agencies.
The Transportation Security Administration and the Department of Health and Human Services both issued separate procurement actions to either buy or look into buying their own cyber dashboards.
TSA, most recently, issued a request for quote under the CDM blanket purchase agreement.
“The Information Assurance and Cyber Security Division (IAD) requires (IT) tools and services to support the performance goal of integrating IT infrastructure and data to provide senior management greater insight into high risk areas while prioritizing investment in areas in which senior management and other stakeholders have the most interest,” stated the RFQ, which Federal News Radio obtained. “Integration of IT infrastructure and data allows for pinpointing areas of concern that helps TSA assess and mitigate risk, and will result in the improvement of the overall protection of TSA IT infrastructure assets and applications.”
DHS’s Continuous Diagnostics and Monitoring program – CDM – does not appear to be doing too well:
“The DHS CDM program conceived a consensus cyber risk management path, as the Office of the Director for National Intelligence and the Defense Information Systems Agency are trying for intelligence community and for the Defense Department agencies. It’s unclear if DHS executed far and fast enough internally for large civilian agencies to follow suit. Of the 33 civilian agencies, it is likely smaller ones will adopt a DHS template, while medium to large agencies will run their own course.”
That question of how quickly DHS has rolled out the CDM tools and services continues to come up.
Sources say House and Senate oversight committees are growing concerned about the time it’s taking to get CDM tools and services to the agencies as the cyber threat grows.
Much of the issue around speed is not DHS’ fault. DHS continues to say the program is on schedule, but at least two RFQ protests have caused some delays in getting contracts awarded and agencies started down the implementation paths.
Business as usual.