CDM Frequently Asked Questions
Consistent with the federal government’s four-year development of the Information System Continuous Monitoring (ISCM) methodology, the CDM program is a dynamic implementation approach to fortifying the cyber security of computer networks and systems.
The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, by identifying and ranking problems for priority resolution.
The CDM program helps standardize security monitoring across the federal government. CDM’s intent parallels the national priority for hardening defenses in federal networks. CDM has a number of benefits beyond those associated with certification and accreditation and continuous authorization supporting the Federal Information Security Management Act (FISMA) of 2002. CDM offers commercial off-the-shelf (COTS) tools, with robust terms for technical modernization as threats change.
The CDM program defends federal government IT networks from cyber security threats and enhances risk-based decision-making within agencies and across the federal government. CDM utilizes tools and services to improve agencies’ abilities to analyze critical security-related information. Continually monitoring networks for flaws and anomalies will alert network managers to attacks and intrusions, thereby enabling faster responses to fix vulnerabilities that allow attacks.
In partnership with the General Services Administration (GSA), the Department of Homeland Security (DHS) is structuring acquisition vehicles on behalf of federal civilian departments and agencies. Additionally, in its comprehensive cyber-defense role, DHS will make CDM tools and services available for use by defense organizations, in addition to state, local, regional and tribal (SLRT) governments.
CMaaS BPA participants achieve cost savings through tiered-price and task-order discounts, enabling scarce resources to be spread further. This strategy results in an enterprise approach to continuous diagnostics, including consistent application of best practices.
The CDM Dashboard will identify and prioritize cyber problems for action at the department/agency level. Summary information will feed into a federal dashboard, which provides situational awareness of the governmentwide network security status.
In 2010, the Office of Management and Budget delegated DHS to oversee and assist governmentwide and agency-specific efforts to provide adequate, risk-based, and cost-effective cybersecurity. Through its authority, DHS will ensure that the program is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions to improve the speed of procurement and achieve strategic sourcing discounts.
The CDM Program Management Office is supporting participating agencies through web-based toolkits, customer representative meetings, and agency-dedicated CDM advocates.
The Continuous Diagnostics and Mitigation (CDM) program is designed to rigorously ensure privacy. All technical proposals from among the winners of the CMaaS contract were reviewed and found to strictly adhere to public safety and the related design criteria necessary to fulfill critical Homeland Security mission requirements for information assurance.
Data sent from local department and agency (D/A) networks to DHS does not include any Personally Identifying Information (PII), data about specific D/A computers, applications or user accounts, or data about the specific cybersecurity flaws on these computers or applications.
The CDM program helps federal agencies automate the FISMA reporting process. Agency-level CDM dashboards will automatically gather and report some of the FISMA-required information to the federal dashboard; the federal dashboard will then report this information to the CyberScope data reporting application that is managed by DHS.
Contact firstname.lastname@example.org and request a Delegation of Procurement Authority (DPA).
Federal departments and agencies; state, local, regional, and tribal governments; and other organizations authorized by GSA Order 4800.2H, "Eligibility to Use GSA Sources of Supply."