CDM Learning – Bits & Bytes

What is NIST Digital Identity Assurance?

The National Institute of Standards and Technology (NIST) Digital Identity Guidelines provide flexible requirements for agencies seeking to assure user identities on their networks. These guidelines describe three components of identity assurance—Identity, Authentication, and Federation—and three lev…[Read more]

The National Institute of Standards and Technology (NIST) Digital Identity Guidelines provide flexible requirements for agencies seeking to assure user identities on their networks. These guidelines describe three components of identity assurance—Identity, Authentication, and Federation—and three levels of sophistication in each component.

N…[Read more]

The National Institute of Standards and Technology (NIST) Digital Identity Guidelines provide flexible requirements for agencies seeking to assure user identities on their networks. These guidelines describe three components of identity assurance—Identity, Authentication, and Federation—and three levels of sophistication in each component.

N…[Read more]

The National Institute of Standards and Technology (NIST) Digital Identity Guidelines provide flexible requirements for agencies seeking to assure user identities on their networks. These guidelines describe three components of identity assurance—Identity, Authentication, and Federation—and three levels of sophistication in each component.

N…[Read more]

According to the National Institute for Standards and Technology (NIST) Special Publication 800-53 Revision 4, Security Controls and Assessment Procedures for Federal Information Systems and Organizations, restricting privileged accounts only to specific personnel or roles, such as system administrators for various commercial off-the-shelf…[Read more]

According to the National Institute for Standards and Technology (NIST) Special Publication 800-53 Revision 4, Security Controls and Assessment Procedures for Federal Information Systems and Organizations, restricting privileged accounts only to specific personnel or roles, such as system administrators for various commercial off-the-shelf…[Read more]

Granting privileged access is the act of giving users credentials or administrative privileges to information, systems, networks, accounts, or physical locations. Due to the high level of risk associated with these privileged accounts, an organization should only grant the minimum privileges necessary for individuals to perform their assigned…[Read more]

The Department of Homeland Security (DHS) Credential Management (CREDMGMT) solution implements tools and services that help agencies tighten policies and practices that protect federal network users and their credentials. The solution ensures users access the network using strong authentication and that user activities on the network are…[Read more]

The Department of Homeland Security (DHS) Credential Management (CREDMGMT) solution implements tools and services that help agencies tighten policies and practices that protect federal network users and their credentials. The solution ensures users access the network using strong authentication and that user activities on the network are…[Read more]

Identity records help agencies ensure that the right individuals access the right resources at the right times for the right reasons. Identity records consolidate a user’s comprehensive set of job functions, system roles, and associated accesses and privileges in one place. This ensures that credentials for facilities and systems are only a…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Continuous Diagnostics and Mitigation (CDM) consists of multiple tools and dashboards. Collectively, as a system of systems, it informs federal executive agencies of their current cybersecurity risks by enabling operators to continuously search for security issues, triage and analyze results, fix the worst issues first, and report progress.…[Read more]

Automating security control assessments is critical in today’s fast-paced, ever-evolving security environment, where security threats are becoming more sophisticated and frequent. By automating security control assessments, federal executive agencies receive more timely data about security control defects and produce cost savings.

Cyber attacks o…[Read more]

Automating security control assessments is critical in today’s fast-paced, ever-evolving security environment, where security threats are becoming more sophisticated and frequent. By automating security control assessments, federal executive agencies receive more timely data about security control defects and produce cost savings.

Cyber attacks o…[Read more]

Cyber attacks on Federal Government networks are growing more sophisticated, frequent, and aggressive. Federal executive agencies must know what they can automate to improve their cybersecurity posture and how to do it. Historically, agencies have relied on time-consuming manual processes to identify cybersecurity risk conditions to decrease their…[Read more]

Agencies define metrics as part of their Information Security Continuous Monitoring (ISCM) program to help them make informed risk management decisions. The Continuous Diagnostics and Mitigation (CDM) Program provides an automated solution for agencies to collect data and analyze metrics defined by their ISCM program.

ISCM programs help agencies…[Read more]

Agencies define metrics as part of their Information Security Continuous Monitoring (ISCM) program to help them make informed risk management decisions. The Continuous Diagnostics and Mitigation (CDM) Program provides an automated solution for agencies to collect data and analyze metrics defined by their ISCM program.

ISCM programs help agencies…[Read more]