Continuous Diagnostics and Mitigation Training


Welcome to the Continuous Diagnostics and Mitigation (CDM) Training page. Here you will discover numerous CDM training resources available in multiple formats and media. These options are meant to enrich your learning experience and help you gain further awareness, understanding, and overall knowledge of the CDM Program. The delivery methods we offer include: In-Person, On-Demand, Virtual In-Person, Micro Learns, and Webinars.

Sign up! Receive training opportunity notices, and learn more about our online, interactive, self-paced training options, webinars, and micro-learns. Email CyberInsights@cisa.dhs.gov for registration information.

Audience: Those who monitor, manage, and oversee controls on their information systems, such as ISSOs, CDM POCs, ISSMs, and others who report measurements and/or metrics.

How To Register For Training

Register for all upcoming featured events and webinars for CDM training sessions.

Current State of the CDM Program

Innovation and Evolution of the CDM Dashboard

This half-hour video provides an interview with Mr. Kevin Cox on the current state of the CDM program as well as an overview of the new CDM Agency Dashboard Ecosystem. Additionally, the video provides four use case demonstrations in the CDM Agency Dashboard Ecosystem on how agencies can use the new dashboard to help manage their cybersecurity risk.

Innovation and Evolution of the CDM Dashboard Demo  

Innovation and Evolution of the CDM Dashboard Transcript

Congressional Interest and Support for the CDM Program

This five-minute video demonstrates Congress's interest in the DHS CDM program. It uses testimony from Representative Gerry Connolly (VA-11), Representative John Ratcliffe (TX-4), and Mr. Kevin Cox from the CDM PMO to illustrate the value and benefit of what the CDM program is doing for Federal Agencies.

Congressional Interest and Support for the CDM Program Video

Congressional Interest and Support for the CDM Program Transcript

Overview of Each CDM Dashboard Course

All the Micro-Learn videos and CDM Dashboard course recordings are available via FedVTE.

CDM Agency Dashboard Micro-Learn Videos

  • These short videos (3-10 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for our in-person training demonstrations and hands-on activities, as well as the implementation of the new dashboard. 
    • What is CDM and the CDM Agency Dashboard?
    • Introduction to the New CDM Agency Dashboard
    • Introduction to the AWARE Scoring Algorithm 1.0
    • Detailed AWARE Scoring Algorithm 1.0 Details
    • CDM Agency Dashboard – Kibana User Interface
    • CDM Agency Dashboard Architecture and Data Flow
    • CDM Agency Dashboard Data Structure and Schema
    • CDM Agency Dashboard – Understanding JSON Documents 

CDM 141: Introduction to the CDM Agency Dashboard 

  • This course provides participants with the essential knowledge of the CDM Agency Dashboards. It explains basic features and navigation within the environment, including live demonstrations using the CDM Agency Dashboard, to identify and report on vulnerabilities.

CDM 142: Asset Management with the CDM Agency Dashboard

  • This course presents an overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making.

CDM 143: Vulnerability Management with the CDM Agency Dashboard

  • This course introduces participants to CDM Agency-Wide Adaptive Risk Enumeration (AWARE) and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency.

CDM 201: Identity and Access Management Capabilities within the CDM Agency Dashboard 

  • This course introduces participants to the four identity management capabilities—PRIV, CRED, TRUST, and BEHAVE—and to the use of the CDM Agency Dashboard to reduce risks associated with each.

CDM 202: Managing Configuration Settings with the CDM Agency Dashboard

  • This course demonstrates the configuration settings management (CSM) capability within the new CDM Agency Dashboard. Students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), and how CSM scoring is incorporated into the AWARE calculations, and they gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their inventory.

CDM 203: CDM Dashboard Role Based Training - System Security Analyst

  • This course demonstrates the continuous monitoring and analysis capability with the CDM Agency Dashboard for cybersecurity workforce staff who use the dashboard routinely. Students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.

CDM 111: Analyzing Cyber Risk with the CDM Agency Dashboard 

  • This two-day course is the culmination of the first four courses described above. The course was designed for those who have attended our two-hour webinars and want the hands-on experience using the CDM Agency Dashboard. During the course, users will discover the HWAM, SWAM, CSM, VUL, and IAM data within the new CDM Agency Dashboard, and use this data to begin mitigation activities. The course includes peer interactions and small and large-group discussions, as well as hands-on activities with the new CDM Agency Dashboard.

Virtual Learning Training Environment

The Federal Virtual Training Environment (FedVTE) CDM Training Program is a library of online video vignettes for Government employees and contractors. https://fedvte.usalearning.gov/

AWARE (Agency-Wide Adaptive Risk Enumeration)

Let's Talk About ... AWARE

In this 17-minute episode, David Otto, a Risk Management Subject Matter Expert with the Continuous Diagnostics & Mitigation (CDM) Program, talks about how agencies can optimize the use of Agency-Wide Adaptive Risk Enumeration (AWARE), an algorithm tied into the CDM Federal Dashboard that helps agencies measure risk. During an interview by Mr. Jim Wiggins, Mr. Otto explains what AWARE is, what it does, and how agencies can use AWARE to improve their risk management decisions. Other topics include how agencies can interpret and socialize their AWARE results and how AWARE and the Risk Management Framework complement each other to mitigate risk.

Let's Talk About...AWARE Video

Let's Talk About...AWARE Transcript

CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Overview

In this webinar, Dave Otto (CDM Program Office, AWARE Lead) presents an overview and discussion on the Agency-Wide Adaptive Risk Enumeration (AWARE) scoring algorithm and how it can be used to inform decision-making in the management of cyber risk. The recording is divided into three parts, due to its large media file size.

Learn How CDM’s AWARE Scoring Can Help You Reduce Cyber Risk

Learn how AWARE works and how it can be used to reduce risks across the federal enterprise. Mr. Dave Otto, CDM Program Management Office, presents a one-hour webinar on AWARE, providing an overview of the scoring methodology behind AWARE and what you need to do to improve your agency’s score. He also offers insights on how AWARE could evolve as agencies gain more experience with CDM to support information security continuous monitoring policies.

Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Recording
Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Slide Deck
Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Certificate of Attendance

ISCM Technical Assistance Workshop

ISCM E-Learning Module

The Information Security Continuous Monitoring (ISCM) Technical Assistance Workshop will provide introductory information on the importance of building an ISCM strategy, how ISCM integrates with an organization’s Enterprise Risk Management (ERM) strategy, and ISCM program management and execution.

ISCM E-Learning Module Recording
ISCM E-Learning Module Slide Deck
ISCM E-Learning Module Certificate of Attendance

Ransomware

Using the CDM Agency Dashboard to Combat WannaCry Ransomware

This 15-minute video explains how a Federal Agency can use the CDM Agency Dashboard to identify and mitigate system vulnerabilities that are exploited by the WannaCry ransomware. The video demonstrates tasks that can be carried out in the CDM Agency Dashboard to manage risks to agency systems and information that might otherwise be taken advantage of by this threat.

Using the CDM Agency Dashboard to Combat WannaCry Ransomware Video
Using the CDM Agency Dashboard to Combat WannaCry Ransomware Transcript

Vulnerability Management Using Drupal

The 10-minute video describes how the CDM program can be used to identify and remediate cybersecurity risks through vulnerability management using the example of Drupal Security Alerts.

Vulnerability Management Using Drupal Video

How to Address the Threat of Ransomware Attacks

Topics covered: What is Ransomware? How does it work? What are the signs of infection? What can you do?

How to Address the Threat of Ransomware Attacks Video

Securing High Value Assets Series 

The FY19 Improving Agencies' Cyber Readiness micro learn series covers the top six risks identified in the “Securing High Value Assets” white paper published in July 2018. In this part, we discuss the topic of Patch Management as it relates to High Value Assets, also known as HVAs. This is one of a series of micro learns that present leading practices that DHS has identified in the operations and maintenance of HVAs.

Patch Management (1 of 6)

Topics covered: What is a High Value Asset? Why is this Patch Management finding important? What types of challenges do organizations face with Patch Management? What steps should your organization take to respond to this finding?

Patch Management Video

Enterprise Risk Management (2 of 6)

Topics covered: What is ERM? What is a High Value Asset? Why does ERM matter to HVAs? What does ERM mean to HVAs? How should Federal agencies plan to address this finding?

Enterprise Risk Management Video

Malware Defense (3 of 6)

Topics covered: What is Malware? Why does it matter? What does this mean to you? What is a High Value Asset (HVA)? What issues did DHS find? Protecting HVAs.

Malware Defense Video

Ransomware (4 of 6)

How to Address the Threat of Ransomware Attacks

Topics covered: What is Ransomware? How does it work? What are the signs of infection? What can you do?

Ransomware Video

Authentication (5 of 6)

Topics covered:  Why does HVA authentication matter? What does it mean to you? How can you protect your organization?

Authentication Video

Access Control (6 of 6)

Topics covered:  What is Access Control? Why does this matter? What is a High Value Asset (HVA)? What issue did DHS find? Guidance for protecting HVAs.

Access Control Video

Webinar Series

The Webinar series is a sequence of interactive, online discussions intended for federal civilian agencies. The series aims to increase agencies’ understanding of cybersecurity organizational best practices, risk management concepts, and mission impact relative to the CDM Program.

The theme for FY19 focused on Improving Agencies' Cyber Readiness across the federal landscape. FY20 builds on that foundation and focuses on increasing cyber-readiness across the federal enterprise through proactive planning and decision-making. Specifically, FY20 webinars will provide operational insights and practices, then link them to the CDM Program and agency implementation of CDM capabilities. In addition, the webinars will include lessons to help agencies link operational cybersecurity with mission impacts and risk mitigation. 

How Identity, Credential, and Access Management (ICAM) Protects Your Agencies’ Assets

Learn about the importance of ICAM in the context of the CDM Program and the “life cycle” of agencies’ employees as they join, move in, then leave an organization. Mr. Ross Foard, Cybersecurity and Infrastructure Security Agency (CISA), CDM Program Management Office, and Mr. Aaron Fiebelkorn, CISA, Cybersecurity Division, present a one-hour webinar on ICAM. They discuss the credential management issues that arise during CDM Phase 2, how ICAM factors into cloud computing, and the zero-trust approach to access control.

ICAM Recording
ICAM Slide Deck
ICAM Certificate of Attendance

How Data Consistency Impacts CDM

Learn more about how data consistency impacts CDM from Mr. Rick McMaster, CDM Program Management Office. This webinar includes open discussions with attendees to better understand challenges and lessons learned.

Data Consistency Recording
Data Consistency Slide Deck
Data Consistency Certificate of Attendance

CDM Agency Dashboard: The CONOPS and Beyond

Learn about the Concept of Operations (CONOPS) for the Agency CDM Dashboard. Mr. Willie Crenshaw, Program Executive for CDM, National Aeronautics and Space Administration (NASA), and Mr. Mark Singer, Guidance and Planning Team Lead for Cybersecurity Governance, Federal Network Resilience Division, review the highlights of the CDM Agency Dashboard CONOPS, what features are included through CDM Release 6, and how agencies can take full advantage of Release 6 features.

CONOPS and Beyond Recording
CONOPS and Beyond Slide Deck
CONOPS and Beyond Certificate of Attendance

Learn How CDM’s AWARE Scoring Can Help You Reduce Cyber Risk

Learn how AWARE works and how it can be used to reduce risks across the federal enterprise. Mr. Dave Otto, CDM Program Management Office, presents a one-hour webinar on AWARE, providing an overview of the scoring methodology behind AWARE and what you need to do to improve your agency’s score. He also offers insights on how AWARE could evolve as agencies gain more experience with CDM to support information security continuous monitoring policies.

Reduce Cyber Risk Recording
Reduce Cyber Risk Slide Deck
Reduce Cyber Risk Recording Certificate of Attendance

Past Events

LEGACY Introduction to Creating Queries & Reports Using the CDM Agency Dashboard (CDM102)

This course provides participants with the basic knowledge of continuous monitoring concepts. It includes four live demonstrations using the search, query, and reporting capabilities of the CDM Agency Dashboard to identify and report on vulnerabilities.

Demonstration course (2 hours)
March 13, 2020 Recording link: https://dhsconnect.connectsolutions.com/pntxhot6j1hq/

LEGACY Using Measurements & Metrics of Hardware & Software Assets with the CDM Agency Dashboard (CDM103)

This course presents an overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program; explains how to create queries for HW and SW assets; and introduces a framework for using data reports to inform risk-based decision-making.

Demonstration course (2 hours)
April 9, 2020 Recording link: https://dhsconnect.connectsolutions.com/p40jgn4vpuow/

LEGACY Using the CDM Agency Dashboard to Drive Your Vulnerability Management Work Plan (CDM104)

This course introduces participants to CDM Agency-Wide Adaptive Risk Enumeration (AWARE).

Demonstration course (2 hours)
April 28, 2020 Recording link: https://dhsconnect.connectsolutions.com/px4zy3c4yopg/

LEGACY CDM Agency Dashboard Asset Discovery Bootcamp (CDM110)

This in-person course incorporates the first three CDM Agency Dashboard training courses into one two-day event and allows additional time for hands-on exercises and questions. The class includes all content from:

  • Introduction to Creating Queries & Reports;
  • Using Measurement & Metrics of Hardware & Software Assets; and
  • Using the CDM Agency Dashboard to Drive Your Vulnerability Management Work Plan.

Privacy Act Statement

Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information.

Purpose: The information on this website is intended for government cybersecurity professionals who are participating in the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program and for cybersecurity professionals who would like more information on implementing a continuous monitoring program. The primary purpose for the collection of this information is to allow the DHS to contact you about your registration using an approved version of Adobe Connect for the DHS CDM training program.

Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659.

Disclosure: Providing this information is voluntary. However, failure to provide this information will prevent DHS from contacting you in the event there are queries about your request or registration.
