CDM Program Approved Products List

CISA’s Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture. 

The CDM Program’s Approved Products List (APL) is the authoritative catalog for approved products that meet CDM technical requirements. Software and hardware manufacturers and resellers can submit products for APL consideration monthly. CISA reviews each submission against established CDM Program criteria to validate the vendor’s claim that each product meets the requirements for the capability category for which it was submitted.

The CDM APL is managed by the CISA Cybersecurity Division’s Capacity Building Acquisition and Budget office. Capacity Building Acquisition and Budget ensures that federal agencies have several ways to purchase approved CDM products. See below for details.

Download the November 2022 CDM Approved Products List (APL) (xlsx; 8,707KB)

Offering Tools and Services on the CDM APL

APL Submission Process 

The CDM Program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users, and CDM technical requirements. Each month, the program sponsors an open season to encourage cybersecurity original equipment manufacturers and others to update, refresh, and add new and innovative tools to the CDM APL.

APL submission documents (updated December 2022) include: 

  1. CDM APL Submission Instructions FY2023 (pdf, 216KB)
  2. CDM APL Submission Form FY2023 (xlsx, 634KB)
  3. CDM APL SCRM Plan Background FY2023 (pdf, 161KB)
  4. CDM APL SCRM Plan Questionnaire FY2023 (xlsx, 110KB)
  5. Voluntary Product Accessibility Template (VPAT) – A template used to document a product’s conformance with accessibility standards and guidelines (available for download at Offerors should use this template to explain how their information and communication technology (ICT) products (software, hardware, electronic content, and support documentation) meet Section 508 standards.
  6. End User License Agreement (EULA) – A legally binding document defining the user’s rights and restrictions for using the offeror’s products; also known as a commercial supplier agreement.

Additional resources: 

CISA accepts submissions to the CDM APL on a monthly basis. Offerors can submit to CISA starting the Monday of the first full or partial week of the month, with submissions being accepted through Friday of that week. See submission calendar below. 

CISA CDM APL Submission Calendar 2022–2023

 Submission Period – Month   Period Start Date    Period End Date  
 64 – December 2022 Nov. 28 Dec. 2
 65 – January 2023 Jan. 2 Jan. 6
 66 – February 2023 Jan. 30 Feb. 3
 67 – March 2023 Feb. 27 March 3
 68 – April 2023 April 3 April 7
 69 – May 2023 May 1 May 5
 70 – June 2023 May 29 June 2
 71 – July 2023 July 3 July 7
 72 – August 2023 July 31 Aug. 4
 73 – September 2023 Aug. 28 Sept. 1


For current agency partners who would like access to approved submission documents, including end user license agreements, Supply Chain Risk Management (SCRM) plans, and Voluntary Product Accessibility Templates (VPATs): please visit the CDM APL page on the Office of Management and Budget’s

Purchasing CDM APL Tools and Services

GSA Alliant I and II — CDM DEFEND Task Order Series 

Participating agencies can make purchases through the CDM Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) task order series. CDM DEFEND is executed through Alliant, a General Services Administration (GSA) government-wide acquisition contract (GWAC) vehicle. 

GSA MAS Information Technology (legacy GSA IT Schedule 70) 

CDM tagPurchases can also be made through GSA Advantage! via the Multiple Award Schedule (MAS) Information Technology (IT) contract. MAS IT is one of the larger contracts in the federal government. Agencies use it to buy technology products and services. For information on buying CDM APL tools and services through MAS IT, please visit GSA. CDM products are tagged on GSA Advantage!, giving purchasers the confidence that these products are CDM approved.

Note: The CDM Tools Special Item Number (SIN) retired on June 30, 2022.


NASA SEWP VIn addition, the CDM Program has partnered with the National Aeronautics and Space Administration’s Contract Solution for Enterprise-Wide Procurement (NASA SEWP), a GWAC authorized by the U.S. Office of Management and Budget (OMB) and managed by NASA, to provide a catalog for purchasing CDM APL products. 

All federal civilian agencies can purchase from the NASA SEWP CDM Catalog. Non-federal entities, including CDM DEFEND system integrators, can buy from the NASA SEWP CDM Catalog with a Letter of Authorization.


If you have questions about CDM Program acquisitions or the CDM APL, please email us at

Was this webpage helpful?  Yes  |  Somewhat  |  No