Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Resources & Tools
  3. Programs
  4. Continuous Diagnostics and Mitigation (CDM) Training
Share:

Resources & Tools

  • All Resources & Tools
  • Services
  • Programs
  • Resources
  • Training
  • Groups

Continuous Diagnostics and Mitigation (CDM) Training

Related topics:
Cybersecurity Best Practices
Cyber city

Welcome to the Continuous Diagnostics and Mitigation (CDM) Training page. Here you will discover numerous CDM training resources available in multiple formats and forms of media. These options are meant to enrich your learning experience and help you gain further awareness, understanding, and overall knowledge of the CDM Program. The delivery methods we offer include In-person, On-demand, Virtual In-person, Micro-learns, and Webinars.

Sign up! Receive training opportunity notices and learn more about our online, interactive, self-paced training options, webinars, and micro-learns. Email CyberInsights@cisa.dhs.gov for registration information.

Audience: Those who monitor, manage, and oversee information systems controls, such as Information System Security Officers (ISSO), Systems Administrators, CDM Points of Contact (POC), Information Systems Security Managers (ISSM), and others who report measurements and/or metrics.

Continuous Diagnostics and Mitigation Training Privacy Act Statement

View Statement

Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information.

Purpose: The purpose of this collection is to provide individuals access to Cybersecurity and Infrastructure Security Agency (CISA) Continuous Diagnostics and Mitigation (CDM) Training and information using CISA Webex.

Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information, as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659.

Disclosure: Providing this information is voluntary; however, failure to provide this information may prevent DHS from contacting you in the event there are queries about your request or registration.

CDM Dashboard Cyber Range Training

CISA provides Continuous Diagnostics and Mitigation (CDM) dashboard cyber range training within a virtual environment, which provides students a simulated version of the ES-5 CDM Dashboard currently in production at participating federal agencies. Students will have the opportunity to complete hands-on lab activities with knowledge check questions at the conclusion of each lab.

Training Topics:

CDM111: Analyzing Cyber Risks with the CDM Agency Dashboard

A two-day in-person course that explores the features of the current CDM Agency Dashboard version ES-5 such as Data Quality Reporting, Security Technical Implementation Guide (STIG) Reference Data, Federal Information Security Modernization Act (FISMA) Metrics, Summary Reporting, and other capabilities.

The hands-on lab activities in the current CDM Agency Dashboard version ES-5 include identifying the top network risks using CVEs; targeting legacy software and identifying unmanaged devices; prioritizing mitigation activities using the Agency Wide Adaptive Risk Enumeration (AWARE) 1.5 supplemental scoring algorithm; monitoring users’ Identity and Access Management (IdAM) capability status; creating filters; using unique queries; and producing tailored status reports.

CDM141: Introduction to the CDM Agency Dashboard

This four-hour course will review the current CDM Agency Dashboard enhancements including Risk Scoring, AWARE 1.5, Data Quality Reporting, STIG Reference Data, IdAM, FISMA Metrics, Summary Reporting, and other capabilities. Participate in hands-on lab activities to learn how to navigate and search the data within CDM using the Elastic Stack tools. See how that data can be used to create meaningful custom reports to communicate query results to leadership and stakeholders. Learn how to use AWARE to prioritize vulnerability management activities to address (or mitigate) the most critical vulnerabilities first.

CDM142: Asset Management with the CDM Agency Dashboard

This four-hour course will review the CDM Agency Dashboard enhancements including Risk Scoring, AWARE 1.5, Data Quality Reporting, STIG Reference Data, IdAM, FISMA Metrics, Summary Reporting, and other capabilities. Learn how you can use the CDM Agency Dashboard unified data to enhance situational awareness, mitigation prioritization, and cybersecurity outcomes within your organization. Participate in hands-on lab exercises to navigate and search the data within the CDM Agency Dashboard. See how you can use that data to create meaningful and visually appealing custom reports to communicate query results to leadership and stakeholders. Learn how to use AWARE to prioritize asset management activities to address or mitigate the most urgent or highest impact vulnerabilities first.

CDM203: Systems Security Analyst

This four-hour course will identify and discuss the dashboard role of the System Security Analyst, recommended continuous monitoring activities, and use of the dashboard to support those activities. The course will demonstrate how to search and save routine queries to support recurring reporting responsibilities and identify and analyze system discrepancies within a given system boundary using the CDM Agency Dashboard.

CDM220: CDM & Federal Mandates—How to use the CDM Dashboard to enable automated BOD 22-01 Reporting

This four-hour course presents information regarding current federal cybersecurity directives, mandates, and policies and CDM Agency Dashboard support capabilities. The course will prominently feature details regarding use of the CDM Dashboard to enable automated Binding Operational Directive (BOD) 22-01 reporting. The key features of this course include policy origination and history, current directives and mandates, agency and CISA responsibilities, subject matter expertise regarding directives and mandates, and an overview of the new BOD 23-01

This course will provide information regarding use of the CDM Dashboard to address the requirements of a directive, adhere to policies, and understand how to identify and monitor known exploitable vulnerabilities. CISA recommends knowledge of cybersecurity and privacy principles and a familiarity with organizational cybersecurity requirements and procedures.

CDM222: Using the CDM Agency Dashboard to Advance Cyber Defense

This two-day, in-person course explores the features of the current CDM Agency Dashboard version such as details on Configuration Settings Management, CDM Enabled Threat Hunting, federal mandates such as Binding Operational Directives (BOD) 22-01, 23-01 and Executive Order 14028. Additionally, the systems security analyst roles for continuous monitoring will be discussed and other capabilities of the CDM Dashboard ES-6.

There will be nine (9) hands-on lab activities in the current CDM Agency Dashboard version, which include identifying the top risks to your network by using CVEs; searching for configuration misconfigurations; identifying continuous monitoring methodologies; how to use the known exploited vulnerabilities (KEV) catalog; exploring the Directives Dashboard and targeting CVEs related to BODs; and creating detailed filters and unique queries to produce tailored status reports.

CDM301: Management Overview of CDM and the CDM Agency Dashboard

This two-hour course will describe the key elements of the Management Leadership Role as the National Initiative for Cybersecurity Education (NICE) Framework defines them, review the principles of information assurance, identify the Federal laws that govern cybersecurity and required executive and senior-level management responsibilities, and discuss the purpose of the CDM Program. The course will show how the CDM Agency Dashboard can help establish a cybersecurity baseline. A demonstration of how the CDM Agency Dashboard can be used to make risk-based decisions at the enterprise level will also be discussed.

CDM320: Using the CDM Agency Dashboard to Respond to Federal Directives—BOD 22-01 & BOD 23-01

This two-hour course presents information regarding current Federal cybersecurity directives BOD 22-01 and BOD 23-01 and the CDM Agency Dashboard can support these directives. The course will explain the BODs’ scope and cover reporting responsibilities. The hands-on labs will enable students to practice using the CDM Agency Dashboard to enable automated BOD 22-01 reporting. This course will provide an overview of BOD 23-01 and guide the learner on use of the CDM Dashboard to address the requirements of a directive, adhere to policies, and understand how to identify and monitor Known Exploitable Vulnerabilities.

CDM Agency Dashboard Micro-Learn Videos

These short (3–10 minutes) CDM Agency Dashboard videos will provide a foundation level of knowledge and background to help dashboard end users prepare for in-person training demonstrations and hands-on activities, as well as the new dashboard implementation.

  • CDM Agency Dashboard—Kibana User Interface
  • CDM Agency Dashboard Architecture and Data Flow
  • CDM Agency Dashboard Data Structure and Schema
  • CDM Agency Dashboard—Understanding JSON Documents

Upcoming CDM Training Events

May 13, 2025
Other | Virtual/Online

Asset Management within the CDM Agency Dashboard

May 29, 2025
Other | Virtual/Online

Vulnerability and Risk Management with the CDM Agency Dashboard

Jun 03, 2025
Other | Virtual/Online

CDM Agency Dashboard Role-Based Training - System Security Analyst

Jun 12, 2025
Other | Virtual/Online

CDM & Federal Mandates - How to Use the CDM Dashboard to Enable Automated BOD 22-01 Reporting

Incident Response Training

CISA offers no-cost cybersecurity Incident Response (IR) Training series with a range of offerings for beginner and intermediate cybersecurity analysts, including basic cybersecurity awareness, best practices for organizations, and facilitated lab activities. Course types include Awareness Webinars (100-level) and Cyber Range (200-level) Training. To learn more about CISA’s IR Training Program, please visit Incident Response Training | CISA.

Contact Information

To ask a question or provide other feedback on CDM training, contact us at CyberInsights@cisa.dhs.gov. For CDM Knowledge Base Access, register at https://maestro.dhs.gov/register/component/CISA  or contact your agency system integrator for access.

CyberInsights@cisa.dhs.gov

CISA Resources

Continuous Diagnostics and Mitigation (CDM) Program

Cybersecurity Training & Exercises

Cyber Hygiene Services

Free Cybersecurity Services & Tools

CISA Cybersecurity Awareness Program

Alerts

Bulletins

Tags

Topics: Cybersecurity Best Practices
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback