Agency-Wide Adaptive Risk Enumeration (AWARE)

Addressing the Worst Problems First

Agency-Wide Adaptive Risk Enumeration (AWARE) is CDM’s risk-scoring methodology. It provides participating agencies with enhanced situational awareness of cyber risk and enables timely remediation of threats and vulnerabilities while addressing the worst problems first.

AWARE addresses a mix of factors affecting cybersecurity, including vulnerability type, how long the vulnerability existed, and where the vulnerability occurs.

Currently, AWARE measures each agency’s overall cybersecurity posture. As AWARE matures, the CDM Program will develop a system-level approach, exploring how each system within the agency is doing, the FISMA level, and how agencies are performing with a variety of activities such as multifactor authentication and threat intelligence.