The Department of Homeland Security’s (DHS) office of inspector general (OIG) has recommended that the chief information security officer update DHS’ plan for the Continuous Diagnostics and Mitigation (CDM) program to demonstrate how the department will transition to a scalable CDM platform, ensure that components utilize tools to collect CDM data and integrate component data.
“As of March 2020, DHS had developed an internal CDM dashboard, but reported less than half of the required asset management data,” OIG wrote in a report issued Tuesday.
DHS was carrying out efforts to facilitate the integration and automation of the data collection process among its components and would need to upgrade its CDM dashboard to ensure it has the capacity to process data from components, according to the report.
“Until these capabilities are complete, the Department cannot leverage intended benefits of the dashboard to manage, prioritize, and respond to cyber risks in real-time,” the report reads.
The inspector general also urged DHS to mitigate vulnerabilities discovered on CDM databases and servers and define patch management responsibilities for such CDM information technology assets.
DHS agreed with the report’s recommendations. Once it has fully implemented the corrective actions, the department should submit to the IG’s office a closeout letter within 30 days.
If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club's CMMC Forum coming up on June 16th.
MMC Accreditation Body Chairman Karlton Johnson will serve as the keynote speaker for the Forum to provide his overview and vision of the CMMC Rollout as well as the top priorities for the board and how industry feedback will help to improve the vision behind how the organization develops for the first 100 days.
To register for this virtual forum and view other upcoming events, visit the POC Events page.
