CDM Program Approved Products List (APL)
CISA’s Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture.
The CDM Program’s Approved Products List (APL) is the authoritative catalog for approved products that meet CDM technical requirements. Software and hardware manufacturers and resellers can submit products for APL consideration monthly. CISA reviews each submission against established CDM Program criteria to validate the vendor’s claim that each product meets the requirements for the capability category for which it was submitted.
The CDM APL is managed by the CISA Cybersecurity Division’s Capacity Building Acquisition and Budget office. Capacity Building Acquisition and Budget ensures that federal agencies have several ways to purchase approved CDM products. See below for details.
APL supporting documentation (VPAT, EULAs, SCRM Plans) is available upon request for prospective agency customers. Please contact csd_cb.acqbudg@cisa.dhs.gov to request these documents.
If you have questions about CDM Program acquisitions or the CDM APL, please email us at csd_cb.acqbudg@cisa.dhs.gov.
Updated SCRM Plan Questionnaire is now available
In June 2023, the Office of Management and Budget released M-23-16 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. This memorandum was an update to M-22-18 which required agencies to only use software that is provided by software producers who can attest to complying with Government-specified minimum secure software development practices. Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts.
Download the March CDM Approved Products List (APL)
APL Submission Process & Purchasing off of the APL
Purchasing CDM APL Tools & ServicesCDM APL Submission Process
Each month, the CDM sponsors an open season to encourage cybersecurity original equipment manufacturers and others to update, refresh, and add new and innovative tools to the APL.
CDM APL Submission Additional Resources
View additional resources regarding the APL Submission Process.
CDM APL Submission Calendar
CISA accepts submissions to the CDM APL on a monthly basis. Offerors can submit to CISA starting the Monday of the first full or partial week of the month, with submissions being accepted through Friday of that week. See submission calendar below.
Purchasing CDM APL Tools & Services
View three different ways to purchase CDM APL tools and services.