CISA Adapts the CDM Program to Support Cyber Directives

Published: October 28, 2022


CISA and the CDM program leadership have been adapting the program to support key elements of the White House’s 2021 Cyber Executive Order and subsequent supporting strategies and directives.

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) has been working to update the Continuous Diagnostics and Mitigation (CDM) program to better align with and support the federal zero trust security strategy and other elements of the 2021 White House Executive Order on Improving the Nation’s Cybersecurity (EO 14028).

CDM Modernization Efforts

Over the course of FY 2022, CISA has been working with agencies to update their data-sharing operational agreements with the CDM program to provide centralized visibility into activity on agency networks. CISA expected most federal agencies to be connected to CDM dashboards by the end of FY 2022.

In addition, CISA has taken several other steps to modernize the program to keep pace with evolving federal cybersecurity needs, including:

  • Modern Access Controls: CISA has been modernizing the CDM privileged access management (PAM) tool offerings to adapt beyond legacy environments and into the cloud, to help agencies fill gaps in their PAM capabilities and manage their users and devices. CISA is also pursuing single sign-on technologies and forms of advanced authentication that operate on modern protocols and offer greater automation to address the increase in machine-to-machine (M2M) and IoT devices.
  • IT Asset Inventories: Under the Devices pillar in OMB’s zero trust strategy released in January 2022, OMB directed agencies to use the CDM program to create and submit reliable asset inventories of their devices, users, and systems. CISA is encouraging agencies to invest in automated asset management capabilities to improve data fidelity and ease the resource challenges of manual processes. CISA’s October 2022 Binding Operational Directive (BOD) 23-01 requires agencies to enable weekly and ad-hoc automated asset discovery capabilities by April 3, 2023.
  • Endpoint Detection and Response (EDR): OMB also directed agencies to work with CISA to effectively deploy EDR tools and to establish information-sharing capabilities with CISA, which has been helping agencies determine their defensive structure and select the proper EDR tools to share data with CISA. In October 2022, CISA established persistent access to agencies’ EDR tools, which allows CISA to do collaborative threat hunting with agencies.
  • Vulnerability Remediation and Monitoring: Agencies have been directed to remediate known exploited vulnerabilities cataloged by CISA, as well as establish automated vulnerability discovery and enumeration data reporting with CISA to aid in enterprise threat monitoring via CDM. CISA has been working with agencies to integrate vulnerability data into the CDM Dashboard to automate oversight and monitoring of agency scanning performance.

By all indications, CDM will remain an integral part of the federal cyber landscape for the foreseeable future. In July, OMB issued a memo to federal civilian agencies outlining cross-agency cyber investment priorities to inform their FY 2024 budgets; those priorities include leveraging modern security solutions via the CDM program.