Director of National Cyber Security Division at the Department of Homeland Security John Streufert. (Mike Morones / Staff)
The Department of Homeland Security on Monday awarded contracts to 17 vendors for tools and services to continuously monitor federal systems and networks for cyber risks.
Most large civilian agencies have agreed to use the $6 billion contract, which will provide diagnostic tools for agencies to quickly identify and fix the most serious cyber risks in their networks. The year-long contract has four option years, and DHS has committed $185 million this fiscal year to launch the first of three phases under the Continuous Diagnostic and Mitigation Program.
The General Services Administration awarded the blanket purchase agreement on behalf of DHS, and GSA will charge agencies a 2 percent fee to use the contract.
The Defense Department and GSA have not signed agreements to use the contract, but GSA is expected to come on board in the near future, John Streufert, who leads the DHS program, said Tuesday following a panel at the SANS Critical Security Controls Summit in Washington.
DHS expects the monitoring tools will eventually conduct 60 billion to 80 billion security checks at least every three days across government. Summaries of that data will be reported to a DHS system called CyberScope and used to identify and address the government’s most severe security problems.
At the agency level, managers will be aware of all hardware and software that have access to their networks and will ensure they meet security standards. The tools will continuously scan their networks and verify whether agency technology is properly configured.
A separate contract will be awarded for a dashboard, which will provide agencies a more comprehensive view of their security risks, Streufert said.
The winning vendors are:
■ Booz Allen Hamilton