The Continuous Diagnostic and Mitigation (CDM) Field Guide

In today’s world, it’s imperative that government protects our critical infrastructure to preserve our physical and economic security. To do so, cyber professionals must obtain real-time visibility of networks, improve ability to mitigate known flaws and decrease security risks by reducing their vulnerabilities. That’s why the CDM program is so important. The program enables agencies to decrease known cyber risks and flaws by expanding their continuous diagnostic capabilities. CDM is poised to have a tremendous effect on government by changing the way agencies combat cyberthreats and improve cybersecurity preparedness. Our guide explores how the program will:

  • Strategically source tools and continuous-monitoring-as-a-service (CMaaS) solutions.
  • Improve visibility of network vulnerabilities, risks and flaws.
  • Mitigate and identifying flaws at near-network speed.
  • Support efforts to provide adequate, risk-based and cost-effective security solutions.

The guide also includes an in-depth interview with John Struefert, director of federal network resilience at the Department of Homeland Security (DHS). Struefert and DHS were imperative to the creation of the program.

The CDM program will help agencies procure commercial continuous monitoring solutions. First, the Homeland Security Department, which established the program, will help an agency set up the proper sensors to conduct an automated search for cyber flaws. The results will feed into a local dashboard and export customized reports. The reports can then alert network managers to the most critical flaws and risks based on weighted scores. Administrators will receive prioritized alerts to help allocate resources to mitigate flaws. Finally, progress will be tracked through dashboards and can be compared among department and agency networks, which will help improve the shared risk of each department.

Although new technology continues to enter the marketplace to make life easier, it also leads to increased security risks. Technology trends such as the Internet of Things, mobile and cloud computing have helped meet the public sector’s growing and multifaceted needs. At the same time, this dynamic has led to conflicting interests and added complexity. On one hand, agencies must leverage new technology to meet demand. On the other, technology must be deployed safely and securely to protect data and confidential information.


Explore our guide to learn how your agency can take part in the CDM program.


Thank you to our industry partners for sponsoring our report, the Continuous Diagnostic and Mitigation (CDM) Program Field Guide.