As your agency continues to adopt new and innovative technologies, you must take the proper steps to secure information. Since information networks are becoming increasingly complex and connected, there are more opportunities for information to become compromised.
Now, more than ever before, you rely on safe, secure and efficient technology to meet mission needs. That’s why the Department of Homeland Security (DHS) has created the Continuous Diagnostic and Mitigation (CDM) program, which is an important step for governments to improve their security posture.
In GovLoop’s latest report, we will explore what CDM is and how it can help your agency. This report also includes how to identify best practices and what to consider when adopting CDM. Specifically this report will teach you:
- What CDM is and how your agency can leverage it
- The 15 functional areas of CDM, and how these areas will keep your agency safe
- Insights from Ken Durbin, the Cyber and Continuous Monitoring Practice Manager, and Jennifer Nowell the Director of Strategic Programs for Public Sector.
- Download a PDF or view online below
What is CDM?
CDM supports civilian Federal agencies in becoming more secure, and deploy a cost-effective cybersecurity program. The CDM website states, “The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed.”
Undeniably, government leaders are challenged to combat and mitigate new cyber attacks and threats. Yet these attacks to government agencies are not only growing in volume, but also in sophistication. To assist in improving an agency’s security posture, CDM will provide the tools needed to protect the network, giving agencies the ability to monitor and quickly mitigate day-to-day cyber attacks, protect critical information, and improve risk management.
The CDM program provides agencies the ability to automate and enhance their monitoring capabilities by providing diagnostic and mitigation tools along with dashboards. DHS is currently working with the Federal executive branch agencies to conduct the following activities:
- Deploy and manage sensors for hardware asset management
- Deploy and manage sensors for software assets and whitelisting
- Mitigate vulnerabilities
- Set compliance standards
- Capture data about an agency’s cybersecurity flaws
- Present those risks in an automated and continuously updated dashboard
According to the CDM site, “Capabilities are established at every level of the network, not just the periphery, which gives agencies the ability to see how effective their systems are. The first phase of CDM focuses on four of the capabilities, management of hardware and software assets, configuration, and vulnerabilities.” The first phase will allow your agency to create a baseline to measure the effectiveness of your cyber defense program.
GSA’s Blanket Purchase Agreement for CDM
In order to participate in the program, the General Services Administration (GSA) and DHS have used the GSA IT Schedule 70 as a contract vehicle. The Continuous Monitoring as a Service (CMaaS) contract provides CDM tools and integration services to all federal agencies, state, local, regional, and tribal governments under a blanket purchase agreement.
One important element of CDM is that if a civilian government agency participates, the Department of Homeland Security will pay for the cost of the tools and integration. For fiscal year 2014 alone, DHS has allocated $185 million to spend on CDM tools and services. The Department of Defense, intelligence community, and state, local, and tribal government can also purchase from the CMaaS contract to procure CDM solutions, but they must use their own funding.
Be sure to view the report online or download a PDF to learn more about CDM, and how this program is an excellent opportunity to improve your security posture.
Symantec protects the world’s information, and is the global leader in security, backup and availability solutions. Their innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Their industry-leading expertise in protecting data, identities and interactions gives their government customers confidence in a connected world. More information is available on Symantec's GovLoop Page.