Continuous Diagnostics and Monitoring: Filling the cybersecurity breach


In September 2013, the Department of Homeland Security and the General Services Administration began a new era in federal information security with the launch of the Continuous Diagnostics and Monitoring program. CDM is designed to help agencies bolster their continuous monitoring programs by providing easy access to essential tools and services. In the months ahead, this special report will provide government agencies with insights into the discipline of continuous monitoring and explain how to leverage the full benefits of the CDM program.

The CDM program is designed to take the concept of continuous monitoring one step further by creating a cybersecurity ecosphere that spans the dot-gov domain.

The first phase of the DHS program has the potential to help many agencies deal with many cyberattacks, but agencies need to keep in mind the broader set of FISMA requirements.

Solutions are emerging that will help agencies deal with the complexities involved with enterprise-level monitoring initiatives.

The Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program emphasizes the importance of both agency- and federal-level dashboards as a way to identify vulnerabilities that must be addressed.

GSA, which manages the Continuous Monitoring-as-a-Service contracts, is looking to provide agencies with all the resources they need to make their CDM initiatives a success.

Recommended Reading

Continuous Monitoring-as-a-Service: An Overview
GSA provides an executive summary of its CDM-related contract offerings, including facts and features and basic information on ordering through the CMaaS blanket purchase agreements.
A CMaaS ordering guide
This guide, from October 2013, details the products and services being offered through the CMaaS BPAs, the companies who have been awarded BPAs, and the available options for purchasing CDM products and/or services.
CDM Frequently Asked Questions
GSA addresses key questions about CDM, its implementation, its relevance to compliance requirements and other topics.
GAO’s latest report to Congress on federal information security
This September 2013 study found that agencies have made some progress on improving security but that much work remains to be done.
Guidelines for continuous monitoring
The National Institute of Standards and Technology offers some pointers on developing a comprehensive continuous monitoring strategy (NIST Special Publication 800-137).
OMB memo: Enhancing the Security of Federal Information and Information Systems
OMB supplements NIST guidelines with more specific direction and timelines for implementing continuous monitoring.