CDM Capabilities

The CDM program helps transform the way federal and other government entities manage their cyber networks through strategically sourced tools and services, and enhances the ability of government entities to strengthen the posture of their cyber networks. The CDM Program brings an enterprise approach to continuous diagnostics, and allows consistent application of best practices.

The program provides specialized information technology (IT) tools and Continuous Monitoring as a Service (CMaaS) to combat cyber threats in the civilian “.gov” networks. The CDM approach moves away from historical compliance reporting and toward combating threats to the nation’s networks on a real-time basis.

The tools and services delivered through the CDM program will provide DHS, other Federal D/As, and SLRT governments with the ability to enhance and automate their existing continuous network monitoring capabilities; correlate and analyze critical security-related information; and enhance risk-based decision making at the agency and federal enterprise level. Information obtained from the automated monitoring tools will allow for the correlation and analysis of security-related information across the federal enterprise.

How CDM Works

The CDM program enables government entities to expand their continuous monitoring capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts.

This approach lowers the operational risk of information security systems and .gov networks.

  • Results are fed into agency-level dashboards that produce customized reports, alerting government IT managers of their worst and most critical cyber risks, based on standardized and weighted risk scores.

  • Prioritized results enable agencies to efficiently allocate resources, based on risk severity.

  • Progress is tracked and results can be shared within agencies. Summary information will feed into a central federal-level dashboard, managed by DHS, to inform and prioritize cyber risk assessments across the government.

DHS & GSA Partnership

DHS and GSA are structuring acquisition vehicles on behalf of CDM participants. The CDM Blanket Purchase Agreement (BPA) is open to any government entity, including the Federal Civilian Executive Branch (.gov), as well as state, local, tribal, and territorial departments and agencies.

Based upon Congressional authorization and OMB guidance, DHS will work with departments and agencies to implement CDM in a consistent manner that demonstrates measurable cybersecurity results and leverages strategic sourcing to achieve cost savings. DHS will continue to actively collaborate with public sector partners every day to respond to and coordinate mitigation in the face of attempted disruptions to the Nation’s critical cyber and communications networks and to reduce adverse impacts on critical network systems.

The CDM Program covers 15 continuous diagnostic capabilities. Phase 1 of CDM focuses on endpoint integrity: management of hardware and software assets, configuration management, and vulnerability management, which are foundational capabilities to protect systems and data. Phases 2 and 3 will include Least Privilege and Infrastructure Integrity, and Boundary Protection and Event Management, respectively. The listing below includes more detailed components of each phase.

Phase 1: Endpoint Integrity
HWAM – Hardware Asset Management
SWAM – Software Asset Management
CSM – Configuration Settings Management
VUL – Vulnerability Management

Phase 2: Least Privilege and Infrastructure Integrity
TRUST – Access Control Management (Trust in People Granted Access)
BEHAVE – Security-Related Behavior Management
CRED – Credentials and Authentication Management
PRIV – Privileges

Phase 3: Boundary Protection and Event Management
Plan for Events
Respond to Events
Generic Audit/Monitoring
Document Requirements, Policy, etc.
Quality Management
Risk Management
Boundary Protection – Network, Physical, Virtual

Last Reviewed 2016-06-30