Tag Archives: Continuous Diagnostics and Mitigation

The Department of Homeland Security’s (DHS) office of inspector general (OIG) has recommended that the chief information security officer update DHS’ plan for the Continuous Diagnostics and Mitigation (CDM) program to demonstrate how the department will transition to a scalable CDM platform, ensure that components utilize tools to collect CDM data and integrate component data.

Kevin Cox, Continuous Diagnostics and Mitigation (CDM) program manager at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), said the program management office is on schedule to implement the CDM dashboard and related capabilities at 23 CFO Act agencies by the end of fiscal year 2021.

The Cybersecurity and Infrastructure Security Agency (CISA) is working with several agencies and departments on pilot programs to determine whether it is feasible to aggregate cloud logs into a system that could help CISA analyze data and identify cyber threats. 

Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, and Sen. Rob Portman, R-Ohio., ranking member of the Senate panel, have asked the federal government to provide information on its response to cyberattacks involving SolarWinds Orion and Microsoft Exchange. Portman and Peters asked DeRusha to provide information on the government’s current federal cybersecurity strategy

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental direction to help agencies use new tools for identifying vulnerabilities in their Microsoft Exchange Servers. CISA said Wednesday that the emergency directive recommends agencies to use the Microsoft Safety Scanner or Microsoft Support Emergency Response Tool (MSERT) as well as the Test-ProxyLogon.ps1 script.

The Cybersecurity and Infrastructure Security Agency (CISA) has earmarked $650 million from its  American Rescue Plan Act funding to transition its EINSTEIN threat intelligence system to various programs. The agency is additionally working to complete the Continuous Diagnostics and Mitigation (CDM) effort’s phases one and two which are slated to conclude in 2021. 

The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide in 2021 an updated Continuous Diagnostics and Mitigation (CDM) program that could help reduce reporting requirements for agencies while helping them improve security. Judy Baltensperger said most of the pilot agencies have moved their infrastructure to the cloud and that data quality certification will likely be carried out by the summer of 2021.

Russell Vought, director of the Office of Management and Budget (OMB), has issued a memo detailing reporting requirements and deadlines for agencies in fiscal year 2021 in compliance with the Federal Information Security Modernization Act (FISMA) of 2014. Vought said the updated FISMA guidance directs agencies to report to OMB the status of their data security programs. 

Karen Evans, chief information officer at the Department of Homeland Security (DHS), said DHS is merging its security and network operations centers to keep systems operational as analysts respond and investigate a cyber incident. She said DHS is considering ways how to staff the newly formed network operations security center with federal and contract employees. 

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA. CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges.