About the CDM Program
Whether to receive important health or emergency information or to check on the provision of essential government services, millions of Americans visit government websites every day. While increased connectivity has transformed and improved access to government, it also has increased the importance and complexity of our shared risk. Cyber attacks on Federal government networks are growing in number and becoming more sophisticated, aggressive, and dynamic. Government computer networks and systems contain information on national security, law enforcement, and other sensitive data, including information about federal employees and others. It is paramount that the government protects this information from theft and protects networks and systems from attacks while continually providing essential services to the public and protecting individual privacy, civil rights, and civil liberties.
The Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of computer networks and systems. As the department responsible for securing unclassified federal civilian government networks—the “dot-gov” domain—DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the nation’s data.
The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed.
DHS established the CDM program to support government efforts to provide adequate, risk-based, and cost-effective cybersecurity. DHS works with partners across the entire Federal executive branch civilian government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, and compliance setting management. These sensors feed data about an agency’s cybersecurity flaws and present those risks in an automated and continuously updated dashboard. CDM, which will also be available for state and local entities as well as the defense industrial base sector, provides our stakeholders with the tools they need to protect their networks and enhance their ability to see and counteract day-to-day cyber threats.
How CDM Works
The CDM program enables government entities to expand their continuous diagnostic capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts. Within 72 hours, networks are completely diagnosed for known cyber flaws.
- First, agencies install and/or update their diagnostic sensors and the agency-installed sensors begin performing automated searches for known cyber flaws.
- Results are fed into enterprise-level dashboards that produce customized reports, alerting IT managers to the most critical cyber risks, enabling them to readily identify which network security issues to address first, thus enhancing the overall security posture of agency networks.
- Progress reports that track results can be shared within and among agencies. Summary information can feed into an enterprise-level dashboard to inform and prioritize ongoing cyber risk assessments.
Continuous Diagnostics and Mitigation Process