A new award will attempt to refashion the dashboard to better incorporate emerging technologies and make better use of the "treasure trove" of data created through CDM.
The Department of Homeland Security expects to award a contract shortly for a new Continuous Diagnostics and Mitigation program dashboard that will lay the groundwork for the program to take advantage of artificial intelligence and machine learning capabilities down the road.
At a May 22 FCW event, CDM Program Manager Kevin Cox said the new award, expected to be announced "within the next few days," will attempt to refashion the dashboard to better incorporate emerging technologies and improve the use of the "treasure trove" of data created through CDM.
"It's going to take us a few years to get everything in place, but this is what's going to enable us to get to the more advanced capabilities," said Cox. "Being able to bring in machine learning to interact with the data and get additional value for the agencies, bringing in AI to write the algorithms to really expand out what we can do with the data. Because we do really have a treasure trove of data here, not just from a security standpoint but also from an operational standpoint."
DHS spent much of last year working to get larger agencies hooked up to the federal dashboard, while spending much of this year onboarding smaller, non-CFO Act agencies.
The contract will also help better integrate and feed data into AWARE, the new risk-scoring algorithm that DHS will use to evaluate the cybersecurity posture of participating agencies. That algorithm will undergo a soft launch in October, measuring things like vulnerability management, patching and configuration, and Cox has said the ultimate goal is to pull more detailed metrics in at some point in the future.
An April shared services memo put out by the Office of Management and Budget will not directly affect the CDM program, Cox said, but the program "aligns" with the memo's intent and could be called upon to support future cybersecurity shared service initiatives.
The April 26 memo established DHS as the lead Quality Service Management Office for cybersecurity shared services, and while broader efforts will likely require a separate task order vehicle, the department is looking at CDM and its shared services program for small and micro agencies for lessons learned and future ideas.
"One that's commonly discussed is [security operations center]-as-a-service and where the federal government wants to go with that," he said. "We're part of that conversation, we're at the table in terms of where can CDM help with that type of offering and likewise future offerings as well."