In 2012, the Office of Management and Budget identified continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority (CAP) goals, established in accordance with the Government Performance and Results Modernization Act.
To support federal departments and agencies in meeting the CAP goal, the Department of Homeland Security (DHS) established the CDM Program, an implementation approach consistent with the Information System Continuous Monitoring (ISCM) methodology.
DHS, in partnership with GSA FEDSIM, established a governmentwide acquisition vehicle for continuous monitoring capabilities. The acquisition vehicle provides, at a reduced cost, a consistent set of solutions that enhance the government’s ability to identify and mitigate the impact of emerging cyber threats.
In 2017, DHS and GSA continued our partnership and established the Continuous Diagnostics and Mitigation (CDM) Tools Special Item Number (SIN) on GSA’s Multiple Award Schedule 70. The CDM Tools SIN will provide agencies quicker access to key, DHS-validated products that will expand agencies’ capacity to protect their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact agency networks.
Congress funds the CDM program to support the Federal Information System Management Act (FISMA) reporting for .gov agencies to address potential gaps in their cybersecurity environments. Through its authority, DHS will ensure that CDM is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions in the form of strategic sourcing.
The CDM program is housed within the DHS National Protection and Programs Directorate, Office of Cybersecurity and Communications (CS&C). The CDM Program Management Office resides in CS&C’s Network Security Deployment Division.