Setting up cybersecurity tools for the first two groups in the Continuous Diagnostics and Mitigation program was moving along earlier this year, however a side effect of the major breaches at the Office of Personnel Management caused a delay in implementation.
After the breaches were identified, OPM took a harder look at a number of its applications and ended up pulling the e-QIP background investigation online submission form in order to make substantial security upgrades. (Note: the e-QIP app was not directly affected by the breaches.)
With the system offline, the Department of Homeland Security and General Services Administration – the agencies managing the CDM program – were unable to onboard key people needed to move ahead with implementation on the two task order two awards already issued.
"The shutdown of e-QIP delayed the onboarding of the technical resources that were going to protect agency networks from future problems like the OPM hack," said Chris Hamm, director of GSA FEDSIM, noting the irony.
The program is moving along again now, and awards for Groups C, D and E are expected in early September.
Hamm said he has been just as frustrated by the delays as agencies and industry.
"It's frustrating to me, personally, that it's taking this long," he said. "But it's part of the necessary process in order to deliver this."