Contract Description

This Blanket Purchase Agreement (BPA) will provide Federal Government Departments/Agencies, and State, Local, Tribal and Territorial Governments with specialized Information Technology (IT) services and tools to implement DHS’ Continuous Diagnostic and Mitigation (CDM) Program. The CDM Program seeks to defend Federal and other Government IT networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools and Continuous Monitoring as a Service (CMaaS) to strengthen the security posture of Government networks.

The Continuous Diagnostic and Mitigation (CDM) Program helps transform the way Federal and other Government entities manage their cyber networks through strategically sourced tools and services and enhances the ability of Government entities to strengthen the posture of their cyber networks. The CDM Program brings an enterprise approach to continuous diagnostics, and allows consistent application of best practices.

Contract Scope

Tools Functional Areas

  1. Hardware Asset Management
  2. Software Asset Management
  3. Configuration Management
  4. Vulnerability Management

Contract Scope II

CMaaS Task Areas

  1. Provide Order Project Management Support
  2. CDM Order Planning
  3. Support CDM Dashboards
  4. Provide-Specified Tools & Sensors
  5. Configure & Customize Tools & Sensors
  6. Maintain Data On Desired State For CDM Tools & Sensors
  7. Operate CDM Tools & Sensors
  8. Integrate & Maintain Interoperability Between CDM Tools & Agency Legacy Applications & Data
  9. Operate Data Feeds To & From Installed Dashboards
  10. Training & Consulting In CDM Governance For Departments, Agencies, & Other Requesting Organizations
  11. Support Independent Verification & Validation (Iv&V) & System Certification

How to Use CDM CMaaS

How to Use CDM CMaaS:

Ordering guide and eligibility requirements can be requested and will be provided via email at

The CDM Tools/CMaaS BPAs were established using GSA Multiple Award IT Schedule 70 pricing as a benchmark to establish the initial discounts for the BPAs, as well as tiered discounts based on cumulative quantities. A Federal Strategic Sourcing Initiative (FSSI)-like reporting mechanism was built into the BPAs, with quarterly reporting of sales, to track usage and to ensure volume discounts are achieved by all users of the BPAs over the life of the program. The BPAs were established with broad accessibility, to allow for greater usage to achieve better pricing and greater discounts.

GSA’s role in the project is to provide BPAs that will allow DHS to centrally oversee the procurement, operations, and maintenance of diagnostic sensors (tools) and dashboards deployed to each agency. GSA/FAS/AAS/FEDSIM will provide management of the BPAs, as well as an Assisted Acquisitions capacity for those customers who need assistance on orders against the BPAs.

Customers can also order directly off of the BPAs via a Delegation of Procurement Authority from the GSA/FAS/AAS/FEDSIM Contracting Officer.

Contract Team

IBM has established a dedicated team to assist you and your company. Please feel free to contact the appropriate individual below with questions or issues.


IBM CDM/CMaaS Contacts



  • John Terrell  |  Contracting Officer|  1-703-605-2748
  • Elizabeth Mooday  |  BPA COR  |  202-320-0892 


DHS, Office of Cyber Security and Communications (CS&C) – Arlington, VA