In 2012, the Office of Management and Budget identified continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority (CAP) goals, established in accordance with the Government Performance and Results Modernization Act.
To support federal departments and agencies in meeting the CAP goal, DHS established the CDM Program, an implementation approach consistent with the Information System Continuous Monitoring (ISCM) methodology.
DHS, in partnership with GSA FEDSIM, established a governmentwide acquisition vehicle for continuous monitoring capabilities. The acquisition vehicle provides a consistent set of solutions at a reduced cost, that enhance the government’s ability to identify and mitigate the impact of emerging cyber threats.
Congress funds the CDM program to support the Federal Information System Management Act (FISMA) reporting for .gov agencies to address potential gaps in their cybersecurity environments. Through its authority, DHS will ensure that CDM is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions in the form of strategic sourcing.
The CDM program is housed within the DHS National Protection and Programs Directorate, Office of Cybersecurity and Communications (CS&C). The CDM Program Management Office resides in CS&C’s Federal Network Resilience Division.