The Continuous Diagnostics and Mitigation (CDM) program takes a dynamic approach to cybersecurity
Developed in 2012, the Continuous Diagnostics and Mitigation (CDM) program takes a dynamic approach to cybersecurity with capabilities for asset management, Identity and Access Management (IAM), network security, and data security. Developed to support government-wide and agency-specific efforts, it is a risk-based program that works to reduce agency threat surface, increase visibility into security posture, improve federal incident response capabilities, and streamline Federal Information Security Modernization Act (FISMA) reporting.
What is the purpose of the CDM program?
The CDM program intends to strengthen government network and system security by providing federal agencies with capabilities and tools that enable:
- Continuous cybersecurity risk monitoring
- Risk prioritization based on potential impacts
- Focus cybersecurity staff on the most significant risks first
To meet the program’s key objectives, the U.S. General Services Administration (GSA) provides the following products and services:
- Products: CDM Tools SIN*
- Services: Series of task orders
What is asset management according to CDM?
Under CDM, asset management focuses on the question, “what is on the network?” To monitor cybersecurity risks, agencies need to identify and manage the following:
- Configuration settings
- Software vulnerabilities
- Enterprise mobility
What is Identity and Access Management (IAM) according to CDM?
Under the IAM umbrella, organizations answer the question, “who is on the network?” IAM focuses on ensuring that agencies limit access according to the principle of least privilege, ensuring that only the right people can access the right resources for the right reason and only for the right amount of time. The CDM program for IAM focuses on:
- Establishing account/access/managed privileges
- Ensuring trust for granted access
- Setting credentials and enforcing authentication
- Training employees for cyber awareness
What is network security management according to CDM?
After setting asset and user controls, the next step is to assess networks and respond to the questions, “what is happening on the network?” and “how is the network protected?” The goal is to prevent hacking, misuse, and unauthorized changes to internal and external controls. Under network security, the CDM program works toward increasing visibility into:
- Network behavior
- Firewall traffic
- Encrypted and decrypted data
- Virtual private network (VPN) connections
- Ports and protocols
What is data protection management according to CDM?
Agencies manage highly sensitive data, including personally identifiable information (PII), so they need to be able to answer the question, “how is data protected?” CDM breaks this into five sub-capabilities:
- Data discovery and classification
- Data protection
- Data loss prevention (DLP)
- Data breach/spillage mitigation
- Information rights management
What tools does the CDM provide?
To enable agencies, CDM offers two different dashboards that ingest, aggregate and display data.
- CDM Agency Dashboard collects and arranges information for insight about devices, users, privileges, and vulnerabilities for an object-level view of cybersecurity posture.
- CDM Federal Dashboard: provides the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) with information about all federal networks to understand participating agency cyber risk management for enhanced cybersecurity across the federal government.
Over time, the CDM program expanded these two dashboards into a CDM Dashboard Ecosystem that provides the following additional abilities:
- Scalability: to deliver a proven, scalable data store that can effectively manage large data sets from across the agency ecosystem
- Performance: to provide the rapid query processing and calculation times necessary for securing data
- Flexibility and Innovation: to integrate multiple products for the ongoing implementation of innovating and cutting-edge technologies and approaches
SteelCloud: Enabling Continuous Insights for Continuous Diagnostics and Mitigation
SteelCloud’s patented technology for automating Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and CISA Benchmarks enables organizations to scan their environments in a few hours, review conflicts, remediate weaknesses, and document activities in a single location. SteelCloud’s cybersecurity solution prioritizes remediation’s based on criticality, enabling you to take a risk-based approach to harden systems.