Cybersecurity

CISA Announces New Vulnerability Disclosure Policy (VDP) Platform

Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.   

CDM Success Stories: Department of Health and Human Services (HHS)

The Department of Health and Human Services (HHS) worked with CDM to quickly address heightened concern about pandemic-related data security by strengthening its cybersecurity threat intelligence and response mechanisms.

“The CDM program gave us every resource we needed to defend the department while working on a vaccine to help the American public.” – HHS CISO

Chinese Cyber Threat Overview and Actions for Leaders

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that the People’s Republic of China (PRC) leverages cyber operations to assert its political and economic development objectives. Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).

War on Pineapple

This infographic, with a tongue-in-cheek approach to putting pineapple on pizza, looks at how foreign adversaries conduct malign information operations to inflame hot button issues in the United States.

CDM Capabilities: Network Security Management

The CDM Program ultimately reduces the threat surface and improves federal cybersecurity response through four capability areas: Asset Management, Identity and Access Management, Network Security Management, and Data Protection Management.The Network Security Management capability is designed to provide agencies with greater visibility into what is happening on their networks, which also gives them a better understanding of how the networks are being protected.

To learn more about the CDM Program's Network Security Management capability:

CDM Capabilities: Identity and Access Management

The CDM Program ultimately reduces the threat surface and improves federal cybersecurity response through four capability areas: Asset Management, Identity and Access Management, Network Security Management, and Data Protection Management. The Identity and Access Management capability is intended to manage the access and privileges of agency network users.

Learn more about the CDM Program's Identity and Access Management capability: