The Continuous Diagnostics and Mitigation (CDM), Tools and Continuous Monitoring as a Service (CMaaS), Blanket Purchase Agreement (BPA) supports the U.S. Department of Homeland Security (DHS) and other federal agencies. The GSA IT Schedule 70 Contract is directly applicable to this BPA.

The tools and services delivered through the CDM (also known as Continuous Monitoring) program will provide federal agencies, and state and local governments, with the ability to enhance/automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision-making at the agency and federal enterprise level. Information obtained from the automated monitoring tools will allow for the correlation and analysis of security-related information across the federal enterprise.

While the scope of the program is primarily for civilian ".gov" networks, DHS anticipates use of this BPA by any federal entity, including the U.S. Department of Defense (DoD) and ".mil" networks, further enhancing the value to the government of this acquisition. Finally, in its overall cyber-defense role, DHS has the strategic goal of making the CDM tools and CMaaS available for use by state, local, tribal, and territorial governments. This BPA, through the Cooperative Purchasing Program (CPP), will allow these local entities to benefit from the same consistency, pricing, and speed of procurement for CDM as will be available to federal entities under this acquisition.

Contract Details

How to Use

Any department or agency of the federal government, or any entity that may use GSA IT Schedule 70, may order from this BPA. In addition, state, local, regional, and tribal governments that use Schedule 70 through the CPP may also use this BPA.


The scope of the CMaaS BPA includes the following:

  • Hardware Asset Management
  • Software Asset Management
  • Configuration Management
  • Vulnerability Management
  • Manage Network Access Controls
  • Manage trust in people granted access
  • Manage security related behavior
  • Manage credentials and authentication
  • Manage account access
  • Prepare for contingencies and incidents
  • Respond to contingencies and incidents
  • Design and build in requirements policy and planning
  • Design and build in quality
  • Manage audit information
  • Manage operation security
  • Provide ancillary hardware
  • Provide order project management support
  • CDM order planning
  • Support CDM dashboards
  • Provide specified tools and sensors
  • Configure and customize tools and sensors
  • Maintain data on desired state for CDM tools and sensors
  • Operate CDM tools and sensors
  • Integrate and maintain interoperability between CDM and agency legacy applications and data
  • Integrate and maintain interoperability between CDM tools and agency legacy applications and data
  • Operate dashboard feeds to and from installed dashboards
  • Training and consulting in CDM governance for departments, agencies, and other requesting organizations
  • Support Independent verification & validation and system certification


Contact [email protected] with any questions.

Contact Us

This contact form has been disabled.