Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021

Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021
Emotet Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA.

The Department of Homeland Security (DHS) component said in the report that it seeks to prevent 75 percent of identified “critical and high configuration-based vulnerabilities” across federal agencies by Sept. 30th, 2021.

CISA is also directing agencies to have “reliable” scores on the adaptive risk enumeration (AWARE) algorithm under the Continuous Diagnostics and Mitigation (CDM) program by the end of the fourth quarter of FY 2020.

Kevin Cox, program manager for the CDM effort, previously said at an industry event that the program’s AWARE assessment is meant to “quantify the aggregate number of opportunities for an adversary” and help agencies identify priorities for reducing their attack surface.

The updated action plan includes strategies such as increasing enterprise-wide risk posture awareness, providing tools and assistance for CDM compliance, managing malicious incidents and detecting malicious traffic for incident response.

CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges that agencies face in strengthening their security postures.

The agency has prevented 77 percent of known vulnerabilities through approaches like cyber hygiene scanning. However, the agency needs to focus on mitigating high value asset risks, according to the report.

You may also be interested in...

Merel Ekelhof

Merel Ekelhof Joins JAIC as Foreign Exchange Officer; Lt. General Michael Groen Quoted

Merel Ekelhof, formerly an artificial intelligence innovation manager at the Defense Materiel Organization Joint IV Commando in the Netherlands, has been appointed foreign exchange officer at the Department of Defense's (DoD) Joint Artificial Intelligence Center (JAIC). Ekelhof will handle issues on AI ethics, policy, governance and international partnerships as part of the center's strategy and policy team.