A NASA official said the space agency has transformed its cybersecurity posture since it implemented the Department of Homeland Security’s Continuous Diagnostics and Mitigation program in 2016, Nextgov reported Wednesday. CDM “has tremendously helped NASA not only implement certain tools across the agency, but it’s also helped change and it is changing the culture and the discussion around cybersecurity overall,” Willie Crenshaw, program executive for CDM and risk management at NASA, said Wednesday at an FCW-hosted event.
The Office of Management and Budget issued a memorandum updating the identity, credential and access management policy for federal agencies. Agencies should transition their ICAM strategies and platforms from the levels of assurance model towards a new framework “informed by risk management perspectives, the federal resource accessed and outcomes aligned to agency missions,” according to the memo issued Tuesday by Russell Vought, acting OMB director.
The Department of Labor will integrate a new algorithm into its continuous monitoring dashboard to identify and track vulnerabilities of the agency’s information technology assets, FedScoop reported Friday. The new Agency-Wide Adaptive Risk Enumeration tool was built under the Continuous Diagnostics and Mitigation program to monitor millions of assets across the entire federal government.
The head of the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program has said that the CDM team seeks to collaborate with client federal agencies to determine cybersecurity solutions appropriate to their unique organizational requirements. CDM Program Manager Kevin Cox told Federal News Network in a recent interview that “we want to make sure we are working with the agencies to understand” what they need to strengthen their systems and networks against cyber threats and “in the long run meet those requirements,” Federal News Network reported Wednesday.
The Department of Homeland Security aims to develop an approach for government chief information security officers to assign and compare risk scores to agency networks, Federal News Network reported Friday.
The 2019 FISMA guidance now requires federal organizations to submit a justification memorandum to procure monitoring products and services not covered under CDM contracts.
The justification document must be sent to the CDM program management office, OMB resource management office and the Federal Chief Information Officer’s cybersecurity team.
OMB has also permitted the use of existing resources that align with CDM requirements but are not acquired through General Services Administration contracts.
The Office of Management and Budget has issued updated guidance that outlines new Continuous Diagnostics and Mitigation program requirements for agencies to comply with the Federal Information Security Modernization Act of 2014, FedScoop reported Friday. The memo now directs agencies to submit justification should they choose to buy continuous monitoring tools and capabilities outside of the General Services Administration’s IT Schedule 70 CDM tools special item number, CDM Dynamic and Evolving Federal Enterprise Network Defense and other contract vehicles.
The House of Representatives has unanimously passed a bill that would support the development of the Department of Homeland Security's Continuous Diagnostics and Mitigation program. The Advancing Cybersecurity Diagnostics and Mitigation Act would require the government to develop procedures for systemic cybersecurity risk reporting, regularly deploy new technologies and implement a strategy to grow the program, the office of Rep. John Ratcliffe, R-Texas, said Tuesday.