How agencies gain flexibility to acquire security tools through CDM DEFEND

GSA updates to government’s Schedule 70 IT contract make it easier for agencies to acquire the security tools they want, says IT program official.
CDM Defend

Agencies moving to CDM DEFEND, or Phase 3, will find the process of searching for and procuring the IT tools they need substantially improved from past years, says a General Services Administration (GSA) program official.

In an effort to help agencies, GSA has reorganized products offered for the Continuous Diagnostics and Mitigation (CDM) program into family categories on the government’s IT procurement Schedule 70.

In a podcast interview with FedScoop, Larry Hale, GSA’s director of IT security subcategory office of IT category management, shared that agencies can take advantage GSA’s schedule 70 to identify CDM tools that will support their cybersecurity and IT modernization efforts. IT security tools are now rolled up into “family categories” and referenced under CDM tools “special item numbers,” or “CDM tools SIN,” he said.

Schedule 70 is the largest IT contract in the federal government, and currently lists all the hardware and software products approved by the Department of Homeland Security (DHS).

“[CDM DEFEND] brings incredible amount of capability around automation, visibility into the business, and the acquisition process,” says Eric Trexler, vice president of global governments and critical infrastructure at Forcepoint, also joining the podcast.

Trexler notes that there are big differences from Phases 1 and 2. “As I travel around to different customers, what they are starting to see is that Phase 3 allows them to pick those tools,” he says.

Hale adds that the biggest benefit to agencies is ease of buying. When vendors get onto Schedule 70, they have to put down their most favored customer pricing.  That pricing is the starting point for negotiations, he said, and advised that agencies should take the extra step to negotiate down to get the best price.

Trexler notes that Phase 3 is distinct not only from Phases 1 and 2, but also from any other government contract. “Phase 3 also opens up a lot of capabilities for state and local government to acquire off the GSA Schedule 70 and take advantage of the same tools that are provided to federal agencies as part of this program.”

Currently the number of IT security products listed on Schedule 70 breaks down as follows:

  • 80,000 products for CDM Phase 1 – what’s on the network
  • 40,000 products for CDM Phase 2 – who is on the network
  • 82,000 products for CDM Phase 3 – how is the network protected
  • 86,000 products for CDM Phase 4 – managing what is happening on the network
  • 12,000 products for CDM Phase 5 – emerging tools and technologies products

For more information on the CDM Program and Forcepoint’s approved solutions, please visit

This podcast was produced by FedScoop and underwritten by Forcepoint.

Latest Podcasts