CISA’s Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture.
The CDM Program’s Approved Products List (APL) is the authoritative catalog for approved products that meet CDM technical requirements. Software and hardware manufacturers and resellers can submit products for APL consideration monthly. CISA reviews each submission against established CDM Program criteria to validate the vendor’s claim that each product meets the requirements for the capability category for which it was submitted.
The CDM APL is managed by the CISA Cybersecurity Division’s Capacity Building Acquisition and Budget office. Capacity Building Acquisition and Budget ensures that federal agencies have several ways to purchase approved CDM products. See below for details.
→ Download the May 2022 CDM Approved Products List (APL) (xlsx, 15,033KB)
Offering Tools and Services on the CDM APL
APL Submission Process
The CDM Program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users, and CDM technical requirements. Each month, the program sponsors an open season to encourage cybersecurity original equipment manufacturers and others to update, refresh, and add new and innovative tools to the CDM APL.
APL submission documents include:
- CDM APL Product Submission Instructions (pdf, 455KB)
- CDM APL Submission Form (xlsx, 147KB)
- CDM APL Submission Form: Evidence Examples (pdf, 102KB)
- CDM APL SCRM Plan (pdf, 30KB)
- Attachment A: CDM APL SCRM (xlsx, 15KB)
Additional resources:
- CDM Technical Capabilities, Volume One: Actual Desired States, Version 1.1 (pdf, 653KB)
- CDM Program Technical Capabilities, Volume Two: Requirements Catalog, Version 2.4 (pdf, 708KB)
- (ARCHIVED 2020 Version) CDM Technical Capabilities, Volume Two: Requirements Catalog (pdf, 1,955KB)
- (ARCHIVED 2018 Version) CDM Technical Capabilities, Volume Two: Requirements Catalog (pdf, 708)
CISA accepts submissions to the CDM APL on a monthly basis. Offerors can submit to CISA starting the Monday of the first full or partial week of the month, with submissions being accepted through Friday of that week. See submission calendar below.
Submission Period – Month | Period Start Date | Period End Date |
---|---|---|
59 – July 2022 | July 5, 2022 | July 8, 2022 |
60 – August 2022 | August 1, 2022 | August 5, 2022 |
61 – September 2022 | August 29, 2022 | September 2, 2022 |
For current agency partners who would like access to approved submission documents, including end user license agreements, Supply Chain Risk Management (SCRM) plans, and Voluntary Product Accessibility Templates (VPATs): please visit the CDM APL page on the Office of Management and Budget’s MAX.gov.
Purchasing CDM APL Tools and Services
GSA Alliant I and II — CDM DEFEND Task Order Series
Participating agencies can make purchases through the CDM Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) task order series. CDM DEFEND is executed through Alliant, a General Services Administration (GSA) government-wide acquisition contract (GWAC) vehicle.
GSA MAS Information Technology (legacy GSA IT Schedule 70)
Purchases can also be made through GSA Advantage! via the Multiple Award Schedule (MAS) Information Technology (IT) contract. MAS IT is one of the larger contracts in the federal government. Agencies use it to buy technology products and services. For information on buying CDM APL tools and services through MAS IT, please visit GSA. CDM products are tagged on GSA Advantage!, giving purchasers the confidence that these products are CDM approved.
Note: The CDM Tools Special Item Number (SIN) retires on June 30, 2022.
NASA SEWP CDM Catalog
In addition, the CDM Program has partnered with the National Aeronautics and Space Administration’s Contract Solution for Enterprise-Wide Procurement (NASA SEWP), a GWAC authorized by the U.S. Office of Management and Budget (OMB) and managed by NASA, to provide a catalog for purchasing CDM APL products.
All federal civilian agencies can purchase from the NASA SEWP CDM Catalog. Non-federal entities, including CDM DEFEND system integrators, can buy from the NASA SEWP CDM Catalog with a Letter of Authorization.
If you have questions about CDM Program acquisitions or the CDM APL, please email us at csd_cb.acqbudg@cisa.dhs.gov.