Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Resources & Tools
  3. Programs
  4. Continuous Diagnostics and Mitigation (CDM) Program
  5. CDM Program Approved Products List (APL)
Share:

CDM Program Approved Products List (APL)

Related topics:
Cybersecurity Best Practices
The APL is not accepting new submissions for the indefinite future. The current APL will remain accessible on the website. We will update this website if any changes occur.

CISA’s Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture. 

The CDM Program’s Approved Products List (APL) is the authoritative catalog for approved products that meet CDM technical requirements. Software and hardware manufacturers and resellers can submit products for APL consideration monthly. CISA reviews each submission against established CDM Program criteria to validate the vendor’s claim that each product meets the requirements for the capability category for which it was submitted. 

The CDM APL is managed by the CISA Cybersecurity Division’s Capacity Building Acquisition and Budget office. Capacity Building Acquisition and Budget ensures that federal agencies have several ways to purchase approved CDM products. See below for details. 

APL supporting documentation (VPAT, EULAs, SCRM Plans) is available upon request for prospective agency customers. Please contact csd_cb.acqbudg@cisa.dhs.gov to request these documents.

If you have questions about CDM Program acquisitions or the CDM APL, please email us at csd_cb.acqbudg@cisa.dhs.gov.

Updated SCRM Plan Questionnaire is now available

In June 2023, the Office of Management and Budget released M-23-16 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. This memorandum was an update to M-22-18 which required agencies to only use software that is provided by software producers who can attest to complying with Government-specified minimum secure software development practices. Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. 

Supply Chain Risk Management Plan Questionnaire 2024

Download the April CDM Approved Products List (APL)

April 2025 CDM Approved Products List (APL)

APL Submission Process & Purchasing off of the APL

Purchasing CDM APL Tools & Services

CDM APL Submission Process

Each month, the CDM sponsors an open season to encourage cybersecurity original equipment manufacturers and others to update, refresh, and add new and innovative tools to the APL.

CDM APL Submission Additional Resources

View additional resources regarding the APL Submission Process.

CDM APL Submission Calendar

CISA accepts submissions to the CDM APL on a monthly basis. Offerors can submit to CISA starting the Monday of the first full or partial week of the month, with submissions being accepted through Friday of that week. See submission calendar below. 

Purchasing CDM APL Tools & Services

View three different ways to purchase CDM APL tools and services.

Purchasing CDM APL Tools & Services
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback