Continuous Diagnostics and Mitigation (CDM)


​The Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture by:

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.

To learn more, read the CDM Program Overview fact sheet (pdf, 308KB).
 

Learn more about CDM’s capabilities and how the program works in this introductory video.
 

CDM Solutions for Federal Agencies

The CDM Program helps federal civilian agencies better understand and improve their network defense strategies.

When agencies first began using CDM tools, they discovered that their networks contained more endpoints (e.g., routers, laptops, PCs) than they had initially estimated—and in some cases the increase was 200% more. By implementing CDM capabilities, agencies are better equipped to address vulnerabilities due to vast improvements in situational awareness across their networks.

The CDM Program equips agencies with tools and capabilities that provide the following benefits:

  • Increased automation to identify assets
  • Improved accuracy, reporting, risk management decision making, and incident response
  • Enhanced near real-time monitoring and risk response
  • Improved oversight and awareness
  • Fewer resources needed to acquire network systems, perform cyber monitoring, and conduct threat remediation efforts
  • Centralized funding for agencies to procure CDM automated tools
  • Streamlined compliance with FISMA and other federal cybersecurity mandates and initiatives
  • Improved visibility and situational awareness within agencies and across the Federal Government
     

CDM Success Stories

CDM helps federal agencies manage information technology (IT) security and further their programmatic missions:

The Department of Veterans Affairs (VA) gained unprecedented enterprise-wide visibility into its networks through the implementation of an enhanced CDM Hardware Access Management (HWAM) capability. Once underway, the agency realized the benefits it could achieve from expanded use of the tool throughout its information technology (IT) operations - both inside and external to CISA's CDM Program. Please click here to read the full Department of Veterans Affairs success story (pdf, 153KB).

"We integrated the HWAM tool with many other capabilities that we had for other users, got them to talk with another, and this interactivity enriched our data sets and the other services they were 'talking' to." - VA IT Specialist
 

The Small Business Administration (SBA) used CDM services and tools to quickly scale up and secure its IT infrastructure to deploy capabilities made possible through distribution of CARES Act funds and support economically-impacted business owners as the COVID-19 pandemic was gripping the nation. Please click here to read the full Small Business Administration success story (pdf, 153KB).

"Without this support from CDM, we would have struggled. Instead, we gained additional threat intelligence and an operational boost we needed in the short-term, and for the long-term we have gained foundational improvements that will enhance our systems well into the future." - SBA CISO
 

The Department of Health and Human Services (HHS) worked with CDM to quickly address heightened concern about pandemic-related data security by strengthening its cybersecurity threat intelligence and response mechanisms. Please click here to read the full Department of Health and Human Services success story (pdf, 168KB).

"The CDM program gave us every resource we needed to defend the department while working on a vaccine to help the American public." - HHS CISO

 

CDM Capabilities

The CDM Program delivers capabilities in four areas:

Asset Management | What is on the network?CDM Venn Diagram

Managing "what is on the network?" helps agencies monitor devices on their network. Asset Management includes four functional areas:

  • Hardware asset management
  • Software asset management
  • Configuration settings management
  • Software vulnerability management
  • Enterprise mobility management

To learn more, read the CDM Asset Management capability fact sheet (pdf, 262KB).

Identity and Access Management | Who is on the network?

Managing "who is on the network?" helps agencies monitor who uses their networks and what kind of access and privileges those users have. Identity and Access Management includes four integrated functional areas:

  • Account/access/managed privileges
  • Trust determination for people granted access
  • Credentials and authentication
  • Security-related behavioral training

To learn more, read the CDM Identity and Access Management capability fact sheet (pdf, 282KB).

Network Security Management | What is happening on the network? How is the network protected?

Managing "what is happening on the network?" and “how the network is protected” helps agencies protect against hacking, misuse, and unauthorized changes to internal and external boundary defenses. This capability protects agency systems by increasing visibility of:

  • Network behavior
  • Firewall traffic
  • Encrypted and decrypted data
  • Virtual private network connections
  • Ports and protocols

To learn more, read the CDM Network Security Management capability fact sheet (pdf, 247KB).

Data Protection Management | How is data protected?

Managing “how is data protected?” helps agencies protect highly sensitive data (especially data with personally identifiable information) on their networks through five sub-capabilities:

  • Data discovery and classification
  • Data protection
  • Data loss prevention
  • Data breach/spillage mitigation
  • Information rights management

To learn more, read the CDM Data Protection Management capability fact sheet (pdf, 259KB).

 

CDM Agency and Federal Dashboards

CDM Agency Dashboards receive, aggregate, and display information from CDM tools on agency networks and then push summarized information for display on the CDM Federal Dashboard. 

  • The CDM Agency Dashboard displays data about devices, users, privileges, and vulnerabilities. This dashboard collects and arranges detailed information on vulnerabilities gathered and provides an object-level view of an agency’s cybersecurity posture.
  • The CDM Federal Dashboard gives CISA and the Office of Management and Budget (OMB) visibility across all federal networks to better understand how participating agencies are managing their cyber risk and to ultimately improve cybersecurity across the Federal Government. The information retrieved through this dashboard helps determine if additional resources, guidance, policies, or directives are needed to improve risk management at the agency level.

To learn more, read the CDM Program's Dashboard Ecosystem fact sheet (pdf, 424KB).

 

Agency-Wide Adaptive Risk Enumeration (AWARE)

Addressing the Worst Problems First

Agency-Wide Adaptive Risk Enumeration (AWARE) is CDM’s risk-scoring methodology. It provides participating agencies with enhanced situational awareness of cyber risk and enables timely remediation of threats and vulnerabilities while addressing the worst problems first.

AWARE addresses a mix of factors affecting cybersecurity, including vulnerability type, how long the vulnerability existed, and where the vulnerability occurs.

Currently, AWARE measures each agency’s overall cybersecurity posture. As AWARE matures, the CDM Program will develop a system-level approach, exploring how each system within the agency is doing, the FISMA level, and how agencies are performing with a variety of activities such as multifactor authentication and threat intelligence.

Click the video below to learn more:

AWARE: Measuring Cybersecurity Performance 
 

To learn more, read the CDM Program's AWARE Scoring fact sheet (pdf, 344KB).

 

Shared Services Platform

The CDM Shared Services Platform extends current capabilities of the existing CDM Program into a delivery model that adheres to the core principles of a shared service. CDM shared services directly supports the OMB Chief Information Officer’s Federal Cloud Computing Strategy – Cloud Smart (formerly Cloud First) – and the Federal Information Technology Shared Services Strategy – Shared-First – while also meeting the objectives of the CDM Program.

The CDM Shared Services Platform provides non-CFO Act agencies access to CDM capabilities, leveraging a cost model and approach that is tailored to small and micro-agency resource constraints, such as funding and staff size. Information from these CDM capabilities is sent first to individual agency dashboards in the shared services environment and is then reported to the CDM Federal Dashboard in summary format.

While using the Shared Services Platform, participating agencies have access to resources that include:

  • CDM training sessions
  • CDM all-agency meetings
  • Incorporation of lessons learned from previous CDM deployments
  • Meetings with system integrator(s) to begin deployment planning

To learn more, read the CDM Program Shared Services Platform fact sheet (pdf, 414KB).

 

Mobile

As more agency employees are connecting their mobile devices to agency networks, cybersecurity risks increase. To address these risks, the CDM Program has a focus on securing mobile assets across the Federal Enterprise. CDM’s Fiscal Year 2021 priorities to achieve this objective include:

  • Assisting agencies with enhanced visibility, protections, and management of mobile assets
  • Interfacing with agency enterprise mobility management systems, extending the capability where necessary, and enabling comprehensive discovery and reporting of mobile assets to the agency’s CDM Dashboard
  • Collaborating with the National Cybersecurity Center of Excellence to research, test, and/or develop emerging mobile capabilities (e.g., mobile threat defense, mobile application vetting)
  • Working closely with National Institute of Standards and Technology to update and align with federal guidance 
  • Participating in technical advisory and leadership roles within the Federal Mobility Group

 

Cloud

CDM works with cloud service providers to support agencies that are adopting more cloud-based services and managing IT services and capabilities in these environments. The CDM Program continues to evolve to equip agencies with monitoring tools and capabilities to understand cyber risk in the cloud.

By issuing regular cloud guidance updates, CDM provides users with consistent, government-wide Information Security Continuous Monitoring (ISCM) tools. It also describes the expansion or improvement of capabilities that cloud service providers are adding to their offerings.

 

CDM Acquisition Approach

The CDM acquisition approach includes providing products and services to federal civilian agencies to strengthen agency cybersecurity. The acquisition approach includes the following components:

  • CDM Approved Products List (APL)
    CISA manages the CDM APL and has ensured that approved CDM products are easily available for purchase by federal agencies through several options, including the CDM DEFEND contract vehicle, the Multiple Award Schedule (MAS) Information Technology (IT) contract (through GSA Advantage!), and the NASA SEWP CDM Catalog. Note that on GSA Advantage! all CDM APL products have a CDM tag, giving purchasers the confidence that these products are CDM approved. Please visit CDM APL for more information.
     

  • CDM DEFEND Task Orders
    CDM Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) is a series of task orders offering an all-encompassing approach for addressing CDM Program requirements. Each DEFEND task order is executed by an industry partner that is responsible for installing and deploying CDM capabilities at federal civilian agencies. DEFEND offers a wide array of benefits, such as providing flexibility to purchase new tools as they are developed and allowing agencies to shorten acquisition timelines by reducing the frequency of recompetes.

For more information, please visit Doing Business with Capacity Building.

 

CDM Program Training

The CDM Program offers training opportunities to learn how to manage, monitor, and oversee controls of CDM information and how to report CDM measurements or metrics.

For registration information and to sign-up to receive training notifications, email CyberInsights@cisa.dhs.gov.

 

Resources

CDM Program Video Series

Continuous Diagnostics and Mitigation (CDM) Program: DEFENDing the Nation’s Federal Networks

Learn more about CDM’s capabilities and how the program works in this introductory video.


AWARE: Measuring Cybersecurity Performance

AWARE, a key benefit of CISA’s Continuous Diagnostics Mitigation (CDM) Program, helps federal civilian agencies to assess the size and scope of their cyber vulnerabilities so they can address the worst problems first. Learn more by viewing the AWARE: Measuring Cybersecurity Performance video.

 

Fact Sheets

 

Careers with CISA

Are you interested in joining the CISA team? Visit CISA Careers.

Contact Us

For other CDM Program questions, email CDM@cisa.dhs.gov.

Was this webpage helpful?  Yes  |  Somewhat  |  No