The Continuous Diagnostics and Mitigation (CDM) program provides tested continuous monitoring, diagnosis, and mitigation activities designed to strengthen the security posture of the federal .gov networks. Under this program, the Department of Homeland Security (DHS) will centrally oversee the procurement, operations, and maintenance of diagnostic sensors (tools) and dashboards deployed to each agency. Using input from the sensors and agency-level dashboards, officials at each agency will be able to quickly identify which problems to fix first, and empower technical managers to prioritize and mitigate risks.
CDM offers commercial off-the-shelf (COTS) tools, with robust terms for technical modernization as threats change. First, agency-installed sensors perform an automated search for known cyber flaws. Results feed into a local dashboard that produces customized reports, alerting network managers to their worst and most critical cyber risks based on standardized and weighted risk scores. Prioritized alerts enable agencies to efficiently allocate resources based on the severity of the risk. Progress reports track results, which can be used to compare security posture among department/agency networks. Summary information can feed into an enterprise-level dashboard to inform and provide situational awareness of cybersecurity risk posture across the federal government.
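To make the sensor-to-dashboard flow concrete, the following is an added illustration, not CDM program code and not the program's actual scoring model: it takes a handful of constructed sensor findings, assigns each a weighted risk score (hypothetical weights for severity, internet exposure, and how long the finding has been open), produces the prioritized list a local dashboard would show, and rolls the totals up per agency the way an enterprise-level view would compare postures.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical weights chosen for illustration only; a real program would
# publish standardized weights so scores are comparable across agencies.
SEVERITY_WEIGHT = {"critical": 10.0, "high": 7.0, "medium": 4.0, "low": 1.0}
EXPOSURE_MULTIPLIER = 1.5   # internet-facing assets count more
AGING_PER_DAY = 0.1         # unresolved findings slowly climb in priority
AGING_CAP = 3.0             # ...but aging alone never outranks severity


@dataclass(frozen=True)
class Finding:
    """One result emitted by an agency-installed sensor (constructed schema)."""
    agency: str
    asset: str
    check: str            # e.g. "vuln", "misconfig", "unauthorized-software"
    severity: str         # key into SEVERITY_WEIGHT
    days_open: int
    internet_facing: bool


def risk_score(f: Finding) -> float:
    """Weighted score: severity base, scaled by exposure, plus capped aging."""
    base = SEVERITY_WEIGHT[f.severity]
    exposure = EXPOSURE_MULTIPLIER if f.internet_facing else 1.0
    aging = min(f.days_open * AGING_PER_DAY, AGING_CAP)
    return round(base * exposure + aging, 2)


def prioritize(findings):
    """Dashboard view: highest score first, asset name as a stable tie-breaker."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.asset))


def agency_posture(findings):
    """Enterprise roll-up: total weighted risk per agency (lower is better)."""
    totals = defaultdict(float)
    for f in findings:
        totals[f.agency] += risk_score(f)
    return {agency: round(total, 2) for agency, total in sorted(totals.items())}


# Constructed sample findings; agency and asset names are placeholders.
SAMPLE_FINDINGS = [
    Finding("AGENCY-A", "web01", "vuln", "critical", days_open=45, internet_facing=True),
    Finding("AGENCY-A", "ws17", "unauthorized-software", "medium", days_open=5, internet_facing=False),
    Finding("AGENCY-B", "db02", "misconfig", "high", days_open=10, internet_facing=False),
    Finding("AGENCY-B", "vpn01", "vuln", "high", days_open=2, internet_facing=True),
]


if __name__ == "__main__":
    print("Prioritized findings:")
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"  {risk_score(f):5.1f}  {f.agency}  {f.asset:6}  {f.check} ({f.severity})")
    print("Agency posture:", agency_posture(SAMPLE_FINDINGS))
```

Note how the aging cap keeps a long-open medium finding from displacing a fresh critical one, while the exposure multiplier lets a high-severity flaw on an internet-facing VPN concentrator outrank the same severity on an internal database; those are exactly the kinds of weighting decisions a standardized scoring scheme has to make explicit before agency results can be compared.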
The rollout of CDM is organized into three phases designed to allow agencies to implement CDM in a consistent manner that demonstrates measurable cybersecurity results and leverages strategic sourcing to achieve cost savings.
Phase One of CDM focuses on endpoint integrity and device management. Specifically, this phase encompasses the management of hardware and software assets, configuration management, and vulnerability management. These capabilities form an essential foundation on which the rest of CDM will build.
Phase Two will focus on monitoring attributes of the authorized users operating in an agency's computing environment. This includes the individual's security clearance or suitability, security-related training, and any privileged access they may possess.
Phase Three will focus on boundary protection and response to cyber incidents and vulnerabilities. These capabilities will include audit and event detection/response, status of encryption, remote access, and access control of the environment.