Tag Archives: Continuous Diagnostics and Mitigation

Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, unveiled a bill enacting a Department of Homeland Security program offering federal agencies a wide range of cybersecurity tools to continuously monitor government networks. The Advancing Cybersecurity Continuing Diagnostics and Mitigation Act would expand the availability of CDM platforms at the federal, state and local levels as well as create data-based risk and incident reporting policies, Hassan's office said Tuesday. 

Jeanette Manfra, a top official at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said CISA is changing the way federal agencies address cyber threats by implementing an enterprise-based approach to cybersecurity, Nextgov reported Friday.

The House Appropriations Committee passed a bill to authorize approximately $2 billion in fiscal year 2020 for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, reflecting a $408 million increase from the president’s budget request, FCW reported Tuesday.

A NASA official said the space agency has transformed its cybersecurity posture since it implemented the Department of Homeland Security’s Continuous Diagnostics and Mitigation program in 2016, Nextgov reported Wednesday. CDM “has tremendously helped NASA not only implement certain tools across the agency, but it’s also helped change and it is changing the culture and the discussion around cybersecurity overall,” Willie Crenshaw, program executive for CDM and risk management at NASA, said Wednesday at an FCW-hosted event.

The Office of Management and Budget issued a memorandum updating the identity, credential and access management policy for federal agencies. Agencies should transition their ICAM strategies and platforms from the levels of assurance model towards a new framework “informed by risk management perspectives, the federal resource accessed and outcomes aligned to agency missions,” according to the memo issued Tuesday by Russell Vought, acting OMB director. 

The Department of Labor will integrate a new algorithm into its continuous monitoring dashboard to identify and track vulnerabilities of the agency’s information technology assets, FedScoop reported Friday. The new Agency-Wide Adaptive Risk Enumeration tool was built under the Continuous Diagnostics and Mitigation program to monitor millions of assets across the entire federal government. 

The Department of Homeland Security will deploy a new algorithm built to monitor system vulnerabilities and baseline configuration settings across the federal government to give an agency an overall rating on its cyber hygiene, Nextgov reported Wednesday.

The Department of Homeland Security aims to develop an approach for government chief information security officers to assign and compare risk scores to agency networks, Federal News Network reported Friday.

The 2019 FISMA guidance now requires federal organizations to submit a justification memorandum to procure monitoring products and services not covered under CDM contracts.

The justification document must be sent to the CDM program management office, OMB resource management office and the Federal Chief Information Officer’s cybersecurity team.

OMB has also permitted the use of existing resources that align with CDM requirements but are not acquired through General Services Administration contracts.

The Office of Management and Budget has issued an updated guidance that outlines new Continuous Diagnostics and Mitigation program requirements for agencies to comply with the Federal Information Security Modernization Act of 2014, FedScoop reported Friday. The memo now directs agencies to submit justification should they choose to buy continuous monitoring tools and capabilities outside of the General Services Administration’s IT Schedule 70 CDM tools special item number, CDM Dynamic and Evolving Federal Enterprise Network Defense and other contract vehicles.

The House of Representatives has unanimously passed a bill that would support the development of the Department of Homeland Security's Continuous Diagnostics and Mitigation program. The Advancing Cybersecurity Diagnostics and Mitigation Act would require the government to develop procedures for systemic cybersecurity risk reporting, regularly deploy new technologies and implement a strategy to grow the program, Rep. John Ratcliffe, R-Texas' office said Tuesday.