
DHS/CISA/PIA-030 Continuous Diagnostics and Mitigation (CDM)


The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division (CSD) developed the Continuous Diagnostics and Mitigation (CDM) program to support government-wide and agency-specific efforts to implement adequate, risk-based, and cost-effective cybersecurity. CDM provides continuous monitoring, diagnostics, and mitigation tools and services to strengthen the security posture of participating federal civilian departments and agencies’ systems and networks. It does so by establishing a suite of capabilities that enables network security officials and administrators to know the state of their respective networks at any given time, informs Chief Information Officers (CIO) and Chief Information Security Officers (CISO) on the relative risks of threats, and makes it possible for government personnel to identify and mitigate vulnerabilities.

This PIA Update is being conducted to assess the privacy risks related to the CDM Shared Service Platform, which makes CDM capabilities available for use by non-Chief Financial Officer (CFO) Act agencies. The Shared Service Platform is provided to non-CFO Act agencies using a third-party contractor to CISA that connects the agency’s network(s) to the platform. Additionally, this PIA Update examines the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) capability. The CDM AWARE capability allows participating agencies to better assess and prioritize cybersecurity risks by assigning a risk score to agency vulnerabilities.

December 2019

Associated SORN(s):

  • DHS/ALL-004 General Information Technology Access Account Records System (GITAARS)
  • SORN coverage is provided by the department or agency that subscribes to CDM as a service, if needed

| Attachment | Ext. | Size | Date |
| --- | --- | --- | --- |
| DHS/CISA/PIA-030(a) Continuous Diagnostics and Mitigation (CDM) - December 2019 | PDF | 336.02 KB | |
| DHS/NPPD/PIA-030 Continuous Diagnostics and Mitigation (CDM) - September 2016 | PDF | 239.11 KB | |

Last Updated: 03/31/2023