Raven Hall
The cyber-attack surface has exploded to include more than just hardware and on premises devices. This can make implementing CDM and achieving success even more difficult — one of the most common challenges has always been finding the time and resources to do so.
So how are agency cyber leaders keeping up?
While the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation (CDM) program is now a dozen years old, it has always been intended as a comprehensive, risk-based security approach that enables federal agencies to quickly address threats in their environment.
For instance, CISA is looking to expand the program into providing tools to protect devices in the Internet of Things (IoT) and operations technology (OT) that historically had not been connected to the internet but now are rapidly being made more accessible.
Another way the CDM program is evolving is by becoming more modular and “more of a data-centric type of activity beyond just a toolset activity,” according to Richard Grabowski, the CDM deputy program manager. And cybersecurity professionals and technology asset managers alike should be aware of CDM Vulnerability Management (VUL) Capability.