The Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program delivers cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture by:
- Reducing agency threat surface
- Increasing visibility into the federal cybersecurity posture
- Improving federal cybersecurity response capabilities
- Streamlining Federal Information Security Modernization Act (FISMA) reporting
The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.
To learn more, read the CDM Program Overview fact sheet.
CDM Solutions for Federal Agencies
The CDM Program helps federal civilian agencies better understand and improve their network defense strategies.
When agencies first began using CDM tools, they discovered that their networks contained more endpoints (e.g., routers, laptops, PCs) than they had initially estimated, in some cases 200% more. By implementing CDM capabilities, agencies are better equipped to address vulnerabilities due to vast improvements in situational awareness across their networks.
The CDM Program equips agencies with tools and capabilities that provide the following benefits:
- Increased automation to identify assets
- Improved accuracy, reporting, risk management decision making, and incident response
- Enhanced near real-time monitoring and risk response
- Improved oversight and awareness
- Fewer resources needed to acquire network systems, perform cyber monitoring, and conduct threat remediation efforts
- Centralized funding for agencies to procure CDM automated tools
- Streamlined compliance with FISMA and other federal cybersecurity mandates and initiatives
- Improved visibility and situational awareness within agencies and across the Federal Government
CDM Success Stories
CDM helps federal agencies manage information technology (IT) security and further their programmatic missions:
The Small Business Administration (SBA) used CDM services and tools to quickly scale up and secure its IT infrastructure, so that it could deploy capabilities made possible through distribution of CARES Act funds and support economically impacted business owners as the COVID-19 pandemic was gripping the nation.
"Without this support from CDM, we would have struggled. Instead, we gained additional threat intelligence and an operational boost we needed in the short-term, and for the long-term we have gained foundational improvements that will enhance our systems well into the future." - SBA CISO
The Department of Health and Human Services (HHS) worked with CDM to quickly address heightened concern about pandemic-related data security by strengthening its cybersecurity threat intelligence and response mechanisms.
"The CDM program gave us every resource we needed to defend the department while working on a vaccine to help the American public." - HHS CISO
The Cybersecurity and Infrastructure Security Agency (CISA) deployed an industry-leading privileged access management (PAM) tool as part of its CDM implementation to transition the 30 disparate information systems it managed into a cohesive enterprise-wide approach. With this tool, CISA's security operations team found an effective solution for the results they desired and gained visibility and enhanced security throughout their organization.
"I'm a big proponent of automation in IT security, rather than relying on people. Machines don't have good days and bad days." - CISA Associate Chief of Security Operations
The CDM Program delivers capabilities in four areas:
Asset Management | What is on the network?
Managing "what is on the network?" helps agencies monitor devices on their network. Asset Management includes four functional areas:
- Hardware asset management
- Software asset management
- Configuration settings management
- Software vulnerability management
- Enterprise mobility management
To learn more, read the CDM Asset Management capability fact sheet.
Identity and Access Management | Who is on the network?
Managing "who is on the network?" helps agencies monitor who uses their networks and what kind of access and privileges those users have. Identity and Access Management includes four integrated functional areas:
- Account/access/managed privileges
- Trust determination for people granted access
- Credentials and authentication
- Security-related behavioral training
To learn more, read the CDM Identity and Access Management capability fact sheet.
Network Security Management | What is happening on the network? How is the network protected?
Managing "what is happening on the network?" and "how the network is protected" helps agencies protect against hacking, misuse, and unauthorized changes to internal and external boundary defenses. This capability protects agency systems by increasing visibility of:
- Network behavior
- Firewall traffic
- Encrypted and decrypted data
- Virtual private network connections
- Ports and protocols
To learn more, read the CDM Network Security Management capability fact sheet.
Data Protection Management | How is data protected?
Managing “how is data protected?” helps agencies protect highly sensitive data (especially data with personally identifiable information) on their networks through five sub-capabilities:
- Data discovery and classification
- Data protection
- Data loss prevention
- Data breach/spillage mitigation
- Information rights management
To learn more, read the CDM Data Protection Management capability fact sheet.
CDM Agency and Federal Dashboards
CDM Agency Dashboards receive, aggregate, and display information from CDM tools on agency networks and then push summarized information for display on the CDM Federal Dashboard.
- The CDM Agency Dashboard displays data about devices, users, privileges, and vulnerabilities. This dashboard collects and arranges detailed information on vulnerabilities gathered and provides an object-level view of an agency’s cybersecurity posture.
- The CDM Federal Dashboard gives CISA and the Office of Management and Budget (OMB) visibility across all federal networks to better understand how participating agencies are managing their cyber risk and to ultimately improve cybersecurity across the Federal Government. The information retrieved through this dashboard helps determine if additional resources, guidance, policies, or directives are needed to improve risk management at the agency level.
To learn more, read the CDM Program's Dashboard Ecosystem fact sheet.
Agency-Wide Adaptive Risk Enumeration (AWARE)
Addressing the Worst Problems First
Agency-Wide Adaptive Risk Enumeration (AWARE) is CDM’s risk-scoring methodology. It provides participating agencies with enhanced situational awareness of cyber risk and enables timely remediation of threats and vulnerabilities while addressing the worst problems first.
AWARE addresses a mix of factors affecting cybersecurity, including vulnerability type, how long the vulnerability existed, and where the vulnerability occurs.
Currently, AWARE measures each agency’s overall cybersecurity posture. As AWARE matures, the CDM Program will develop a system-level approach, exploring how each system within the agency is doing, the FISMA level, and how agencies are performing with a variety of activities such as multifactor authentication and threat intelligence.
To learn more, read the CDM Program's AWARE Scoring fact sheet.
Shared Services Platform
The CDM Shared Services Platform extends current capabilities of the existing CDM Program into a delivery model that adheres to the core principles of a shared service. CDM shared services directly support the OMB Chief Information Officer’s Federal Cloud Computing Strategy – Cloud Smart (formerly Cloud First) – and the Federal Information Technology Shared Services Strategy – Shared-First – while also meeting the objectives of the CDM Program.
The CDM Shared Services Platform provides non-CFO Act agencies access to CDM capabilities, leveraging a cost model and approach that is tailored to small and micro-agency resource constraints, such as funding and staff size. Information from these CDM capabilities is sent first to individual agency dashboards in the shared services environment and is then reported to the CDM Federal Dashboard in summary format.
While using the Shared Services Platform, participating agencies have access to resources that include:
- CDM training sessions
- CDM all-agency meetings
- Incorporation of lessons learned from previous CDM deployments
- Meetings with system integrator(s) to begin deployment planning
As more agency employees are connecting their mobile devices to agency networks, cybersecurity risks increase. To address these risks, the CDM Program has a focus on securing mobile assets across the Federal Enterprise. CDM’s Fiscal Year 2021 priorities to achieve this objective include:
- Assisting agencies with enhanced visibility, protections, and management of mobile assets
- Interfacing with agency enterprise mobility management systems, extending the capability where necessary, and enabling comprehensive discovery and reporting of mobile assets to the agency’s CDM Dashboard
- Collaborating with the National Cybersecurity Center of Excellence to research, test, and/or develop emerging mobile capabilities (e.g., mobile threat defense, mobile application vetting)
- Working closely with National Institute of Standards and Technology to update and align with federal guidance
- Participating in technical advisory and leadership roles within the Federal Mobility Group
CDM works with cloud service providers to support agencies that are adopting more cloud-based services and managing IT services and capabilities in these environments. The CDM Program continues to evolve to equip agencies with monitoring tools and capabilities to understand cyber risk in the cloud.
By issuing regular cloud guidance updates, CDM provides users with consistent, government-wide Information Security Continuous Monitoring (ISCM) tools. The guidance also describes the expansion or improvement of capabilities that cloud service providers are adding to their offerings.
CDM Acquisition Strategy
The CDM acquisition strategy provides products and services to federal civilian agencies to meet CDM Program objectives. The acquisition strategy consists of the following components:
- CDM Approved Products List
The CDM Approved Products List (APL) is the authoritative catalog for approved products that meet CDM technical requirements. Software and hardware manufacturers and resellers can submit products for consideration monthly. For any questions related to CDM's acquisition strategy and/or topics, please contact firstname.lastname@example.org.
- CDM Tools Special Item Number (SIN)
While the CDM APL is the authoritative catalog of CDM products, the CDM Tools SIN is the vehicle through which CDM products are procured. The CDM Tools SIN was established in partnership with the General Services Administration (GSA) as a contracting solution to provide a consistent set of ISCM tools to federal, state, local, regional, and tribal governments. For more information about CDM Tools SIN and the CDM APL, please visit www.gsa.gov/cdm.
- CDM DEFEND Task Orders (TOs)
The Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Task Orders (TOs) are contracts executed through the GSA Alliant and Alliant 2 Governmentwide Acquisition Contract vehicles for the provision of CDM services and tools for participating agencies. Each TO is executed by a contractor who is responsible for installing and deploying CDM capabilities at that TO’s assigned agencies. DEFEND now encompasses the entire scope of CDM and can be funded by either federal agencies or the CISA CDM Program Management Office.
CDM Program Training
The CDM Program offers training opportunities to learn how to manage, monitor, and oversee controls of CDM information and how to report CDM measurements or metrics.
For registration information and to sign up to receive training notifications, email CyberInsights@cisa.dhs.gov.
CDM Program Video Series
Continuous Diagnostics and Mitigation (CDM) Program: DEFENDing the Nation’s Federal Networks
Learn more about CDM’s capabilities and how the program works in this introductory video featuring CDM Program Manager Kevin Cox.
AWARE: Measuring Cybersecurity Performance
AWARE, a key benefit of CISA’s Continuous Diagnostics and Mitigation (CDM) Program, helps federal civilian agencies to assess the size and scope of their cyber vulnerabilities so they can address the worst problems first. Learn more by viewing the AWARE: Measuring Cybersecurity Performance video.
CDM Program Overview - The Continuous Diagnostics and Mitigation (CDM) Program informs CIOs, CISOs, information system security officers, and network administrators on the cyber posture state of their networks.
CDM Asset Management capability fact sheet
CDM Identity and Access Management capability fact sheet
CDM Network Security Management capability fact sheet
CDM Data Protection Management capability fact sheet
CDM Dashboard Ecosystem - The CDM Program Dashboard Ecosystem is a collection of complementary tools and services that agencies can use to better understand, prioritize, and mitigate cyber risks.
CDM Program Shared Services Platform - The CDM Shared Services Platform provides non-CFO Act agencies with access to CDM capabilities, leveraging a cost model and approach that is tailored to small and micro-agencies.
CDM Program AWARE Scoring - Agency-Wide Adaptive Risk Enumeration (AWARE) is CDM’s risk-scoring methodology that provides participating agencies with enhanced situational awareness of cyber risk and enables timely remediation of threats and vulnerabilities while addressing the worst problems first.
What is .govCAR? - CISA uses the .govCAR methodology to conduct threat-based assessments of cyber capabilities.
For other CDM Program questions, email CDM@cisa.dhs.gov.