CDM Phase 3: What You Need to Know

In an effort to enhance the federal government’s cyber posture, the Department of Homeland Security created the Continuous Diagnostics and Mitigation, or CDM, program. CDM provides DHS, and other federal agencies, the capabilities and tools to identify cybersecurity risks on an ongoing basis, as well as detect and respond to threats in real time.

The CDM Program is organized into four distinct phases designed to address each layer of cybersecurity.

Phase 1 asks “What is on the network?” It addresses the management of agency devices and software.

Phase 2 asks “Who is on the network?” and includes the management of account access, user privileges, credentials and authentication.

Next, Phase 3 asks “What is happening on the network?” It manages data, network perimeter components, as well as user activities.

Lastly, Phase 4 asks “How is data protected?” and supports the overall CDM Program through risk prioritization.

DHS has already implemented Phase 1 and 2. Now, in partnership with the General Services Administration, it’s beginning Phase 3, which will cover new requirements and fill in some gaps from previous phases.

Here’s what agencies need to know about Phase 3:

Phase 3 is composed of four elements: Network Boundary Protection; Managing Network Events; Designing and Building in Security; and Operating, Monitoring and Improving the Network.

Phase 3 capabilities move beyond asset management to the more extensive and dynamic monitoring of security controls. This includes:

• Preparing for and responding to behavior incidents
• Ensuring that software or system quality is integrated into the network infrastructure
• Detecting internal actions and behaviors to determine who is doing what
• Mitigating security incidents to prevent the spread of cyberthreats throughout the network.

The services component of Phase 3, known as Dynamic and Evolving Federal Enterprise Network Defense, or DEFEND, is designed to help federal agencies acquire the expertise to both protect federal networks and manage what is happening on them.

Finally, instead of using a blanket purchasing agreement, federal agencies can now acquire CDM-related hardware and software products through a variety of GSA-sponsored means including a special item number created explicitly for CDM. This means agencies can purchase CDM solution components that have already been approved by DHS.

But what solutions should agencies acquire?To learn more about how to prepare for CDM Phase 3 – as well as other requirements of the program phases – check out our latest GovLoop Academy 10-minute course: How to Tackle CDM Phase 3.