Skip to main content

CDM Capabilities

The Department of Homeland Security's (DHSs) Continuous Diagnostics and Mitigation (CDM) program has proposed three phases for consideration to be incorporated into future Information Security Continuous Monitoring (ISCM) phases. The first phase has been conceptually adopted as the ISCM Phase 1, and the DHS CDM program is conducting further research to validate and define the subsequent two phases. The DHS CDM phases include:

 phase 1 main goal: endpoint integrity, scope: local computing environment (devices), areas of focus: hardware and software asset management, configuration settings, known vulnerabilities, malware; phase 2 main goal: least privilege and infrastructure integrity, scope: local computing environment (peaople), network and infrastructure (devices), areas of focus: account and privelege management, configuration settings and ports/protocols/services for infrastructure devices; phase 3 main goal: boundary protection and event management, scope: local computing environment (events), network and infrastructure (events), enclave boundary (devices, events), areas of focus: audit and event detection/response, encryption, remote access, access control


Consistent with the ISCM Concept of Operations (CONOPS), the CDM program covers 15 continuous monitoring capabilities:

  • Hardware inventory management
  • Software inventory management
  • Configuration setting management
  • Vulnerability management
  • Network/physical access control management
  • Trust-in-people granted access (access control management)
  • Security-related behavior management
  • Quality management
  • Credentials and authentication management
  • Privilege management
  • Prepare for incidents and contingencies
  • Respond to incidents and contingencies
  • Requirements, policy, and planning
  • Operational security
  • Generic audit/monitoring

Capabilities are established at every level of the network, not just the periphery, which gives agencies the ability to see how effective their systems are.

The first phase of CDM focuses on four functional capabilities: management of hardware and software assets, configuration, and vulnerability, which are baseline capabilities to protect data. DHS is working with the federal CIO Council’s Information Security and Identity Management Committee (ISIMC) to identify terms of implementation for the remaining capabilities.

Continuous Diagnostics and Mitigation Program BPA


cdm,continuous,diagnostics,mitigation,capabilities