CDM Learning – Bits & Bytes

Identity records help agencies ensure that the right individuals access the right resources at the right times for the right reasons. Identity records consolidate a user’s comprehensive set of job functions, system roles, and associated accesses and privileges in one place. This ensures that credentials for facilities and systems are only a…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Credentials are used in the system authentication process to identify and authenticate the a user’s identity. The level of trust we have in the authenticity of the credential is a security consideration – that is, how the system “knows” who is requesting access. Credentials are collected through user input or coded through an application program…[Read more]

Continuous Diagnostics and Mitigation (CDM) consists of multiple tools and dashboards. Collectively, as a system of systems, it informs federal executive agencies of their current cybersecurity risks by enabling operators to continuously search for security issues, triage and analyze results, fix the worst issues first, and report progress.…[Read more]

Automating security control assessments is critical in today’s fast-paced, ever-evolving security environment, where security threats are becoming more sophisticated and frequent. By automating security control assessments, federal executive agencies receive more timely data about security control defects and produce cost savings.

Cyber attacks o…[Read more]

Automating security control assessments is critical in today’s fast-paced, ever-evolving security environment, where security threats are becoming more sophisticated and frequent. By automating security control assessments, federal executive agencies receive more timely data about security control defects and produce cost savings.

Cyber attacks o…[Read more]

Cyber attacks on Federal Government networks are growing more sophisticated, frequent, and aggressive. Federal executive agencies must know what they can automate to improve their cybersecurity posture and how to do it. Historically, agencies have relied on time-consuming manual processes to identify cybersecurity risk conditions to decrease their…[Read more]

Agencies define metrics as part of their Information Security Continuous Monitoring (ISCM) program to help them make informed risk management decisions. The Continuous Diagnostics and Mitigation (CDM) Program provides an automated solution for agencies to collect data and analyze metrics defined by their ISCM program.

ISCM programs help agencies…[Read more]

Agencies define metrics as part of their Information Security Continuous Monitoring (ISCM) program to help them make informed risk management decisions. The Continuous Diagnostics and Mitigation (CDM) Program provides an automated solution for agencies to collect data and analyze metrics defined by their ISCM program.

ISCM programs help agencies…[Read more]

Agencies define metrics as part of their Information Security Continuous Monitoring (ISCM) program to help them make informed risk management decisions. The Continuous Diagnostics and Mitigation (CDM) Program provides an automated solution for agencies to collect data and analyze metrics defined by their ISCM program.

ISCM programs help agencies…[Read more]

The Continuous Diagnostics and Mitigation (CDM) Program provides automated security capabilities to enable federal executive agencies to successfully implement an Information Security Continuous Monitoring (ISCM) program. These ISCM programs allow agencies to make informed risk management decisions.

Information security is a dynamic process that…[Read more]

The Continuous Diagnostics and Mitigation (CDM) Program provides automated security capabilities to enable federal executive agencies to successfully implement an Information Security Continuous Monitoring (ISCM) program. These ISCM programs allow agencies to make informed risk management decisions.

Information security is a dynamic process that…[Read more]

The Continuous Diagnostics and Mitigation (CDM) Program provides automated security capabilities to enable federal executive agencies to successfully implement an Information Security Continuous Monitoring (ISCM) program. These ISCM programs allow agencies to make informed risk management decisions.

Information security is a dynamic process that…[Read more]

Implementing, operating, and maintaining CDM systems will require that your cybersecurity workforce gains new KSAs. How do you identify what those new KSAs will be and who needs to learn them?
The Draft National Institute of Standards and Technology Special Publication 800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity…[Read more]

While cybersecurity training has increased over the years, many organizations find that employees are not adequately prepared to perform their job duties. The NCWF, as defined by Draft National Institute for Standards and Technology (NIST) Special Publication (SP) 800-181, provides a common language to define cybersecurity work, from the high…[Read more]

While cybersecurity training has increased over the years, many organizations find that employees are not adequately prepared to perform their job duties. The NCWF, as defined by Draft National Institute for Standards and Technology (NIST) Special Publication (SP) 800-181, provides a common language to define cybersecurity work, from the high…[Read more]

While cybersecurity training has increased over the years, many organizations find that employees are not adequately prepared to perform their job duties. The NCWF, as defined by Draft National Institute for Standards and Technology (NIST) Special Publication (SP) 800-181, provides a common language to define cybersecurity work, from the high…[Read more]

While cybersecurity training has increased over the years, many organizations find that employees are not adequately prepared to perform their job duties. The NCWF, as defined by Draft National Institute for Standards and Technology (NIST) Special Publication (SP) 800-181, provides a common language to define cybersecurity work, from the high…[Read more]