Skip to main content

Continuous Diagnostics and Mitigation

Continuous Diagnostics and Mitigation (CDM) Program

Tools and Continuous Monitoring as a Service (CMaaS)

Blanket Purchase Agreements (BPAs)

The General Services Administration (GSA), Federal Acquisition Service (FAS), Assisted Acquisition Services (AAS), Federal Systems Integration and Management Center (FEDSIM) offers the Department of Homeland Security (DHS) and all Federal Departments and Agencies (D/As), State, Local, Regional, and Tribal (SLRT) Governments access to a multiple-award Blanket Purchase Agreement (BPA) that offers Continuous Monitoring as a Service (CMaaS) related products, services and solutions with cumulative, stair step pricing discounts. These BPAs were established on behalf of the DHS Office of Cybersecurity and Communications (CS&C), Continuous Diagnostics and Mitigation (CDM) Program.

The CDM Program helps transform the way federal and other government entities manage their cyber networks through strategically sourced tools and services, and enhances the ability of government entities to strengthen the posture of their cyber networks. The CDM Program brings an enterprise approach to continuous diagnostics, and allows consistent application of best practices.


Products and services offered through the BPAs, ordering options, eligibility requirements, and BPA holder POCs, can be found in the latest version of the CDM CMaaS BPA Ordering Guide [PDF, 239KB] as well as in the CDM Product Guide [PDF, 70KB] and CDM Product Catalog [PDF, 310KB].

The CDM Tools/CMaaS BPAs were established using GSA Multiple Award IT Schedule 70 pricing as a benchmark to establish the initial discounts for the BPAs, as well as tiered discounts based on cumulative quantities. A Federal Strategic Sourcing Initiative (FSSI)-like reporting mechanism was built into the BPAs, with quarterly reporting of sales, to track usage, and to ensure volume discounts are achieved by all users of the BPAs over the life of the program. The BPAs were established with broad accessibility, to allow for greater usage to achieve better pricing and greater discounts.

GSA’s role in the project is to provide BPAs that will allow DHS to centrally oversee the procurement, operations, and maintenance of diagnostic sensors (tools) and dashboards deployed to each agency. GSA/FAS/AAS/FEDSIM will provide management of the BPAs, as well as an Assisted Acquisitions capacity for those customers who need assistance on orders against the BPAs.  

Customers can also order directly off of the BPAs, via a Delegation of Procurement Authority from the GSA/FAS/AAS/FEDSIM Contracting Officer.

back to top top


The CDM Program will provide specialized information technology (IT) tools, and CMaaS to combat cyber threats in the civilian “.gov” networks. The CDM approach moves away from historical compliance reporting and toward combating threats to the nation’s networks on a real time basis. The tools and services delivered through the CDM Program will provide DHS, other Federal D/As, and SLRT governments with the ability to enhance and automate their existing continuous network monitoring capabilities; correlate and analyze critical security-related information; and enhance risk-based decision making at the agency and federal enterprise level. Information obtained from the automated monitoring tools will allow for the correlation and analysis of security-related information across the federal enterprise.

back to top top

Facts and Features

BPAs were awarded to the following 17 industry partners: 

  • Booz Allen Hamilton;
  • CGI;
  • CSC;
  • DMI;
  • DRC;
  • GDIT;
  • HPES;
  • IBM;
  • KCG;
  • Kratos;
  • Lockheed-Martin;
  • ManTech;
  • MicroTech;
  • Northrop-Grumman;
  • SAIC;
  • SRA; and
  • Technica.

This acquisition will enable the DHS CDM Program to:

  • Achieve technology consistency across government;
  • Leverage centralized acquisition to improve the speed of procurement, and achieve significant discounts by consolidating like federal requirements into “buying groups,” and leverage buying power to the maximum extent; and
  • Achieve Cross-Agency Priority (CAP) goals to implement continuous monitoring across the federal networks.

back to top top

The shortcut for this page is