The Continuous Diagnostics and Mitigation (CDM) program provides tools and services that enable federal and other government IT networks to strengthen the security posture of their cyber networks.
How CDM works
The CDM Program enables government entities to expand their continuous monitoring capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts.
This approach lowers the operational risk of information security systems and .gov networks.
- Results are fed into Agency-level dashboards that produce customized reports, alerting government IT managers of their worst and most critical cyber risks, based on standardized and weighted risk scores.
- Prioritized results enable agencies to efficiently allocate resources, based on the severity of the risk.
- Progress is tracked and results can be shared within agencies. Summary information will feed into a central federal-level dashboard, managed by the Department of Homeland Security (DHS), to inform and prioritize cyber risk assessments across the government.
About the program
In 2012, the Office of Management and Budget identified continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority (CAP) goals, established in accordance with the Government Performance and Results Modernization Act.
To support federal departments and agencies in meeting the CAP goal, DHS established the CDM Program, an implementation approach consistent with the Information System Continuous Monitoring (ISCM) methodology.
DHS, in partnership with the General Services Administration, established a governmentwide acquisition vehicle for continuous monitoring capabilities. The Continuous Monitoring as a Service (CMaaS) blanket purchase agreement is available to federal, state, local, and tribal government entities. The acquisition vehicle provides a consistent set of solutions at a reduced cost, that enhance the government’s ability to identify and mitigate the impact of emerging cyber threats.
Congress funds the CDM program to support the Federal Information System Management Act (FISMA) reporting, .gov agencies address potential gaps in their cybersecurity environments. Through its authority, DHS will ensure that CDM is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions in the form of strategic sourcing.
The CDM program is housed within the DHS National Protection and Programs Directorate, Office of Cybersecurity and Communications (CS&C). The CDM Program Management Office resides in CS&C’s Federal Network Resilience division.