With the Continuous Diagnostics and Mitigation (CDM) Program – one of the Cybersecurity and Infrastructure Security Agency’s (CISA) top security efforts for Federal agencies – hitting its 11-year anniversary, Program Manager Matt House last week discussed some of the program’s major priorities for fiscal year 2024.
House talked about program plans and goals during an online webinar hosted by the Digital Government Institute (DGI) on Nov. 2.
The CDM program provides Federal agencies with tools to monitor vulnerabilities and threats in their IT systems in near real-time. The program also provides agencies with a dashboard for tracking IT data, while also feeding agencies into a Federal Dashboard that gives CISA and the Office of Management and Budget (OMB) visibility across agency networks.
Discussing the FY2024 goals, House said, “some of this is a continuation from an asset management perspective at a high level that’s driving parity for asset [management], and for operational visibility across asset classes.”
He said the CDM program will be looking to move to a higher level of maturity when it comes to mobile devices, and “being in the zone for [them] to drive towards completion over the next probably two fiscal years.”
Other goals CISA will seek to achieve within the CDM program include more progress on privileged access management and identity lifecycle management, he said. “We’re going to be continuing our efforts that we have undertaken for the last couple of years… in particular [with] privileged access management and identity lifecycle management for those agencies that have identified gaps,” said House.
House also made it clear that the agency will be looking to move ahead with endpoint detection and response (EDR) goals, including “closing the gaps for those agencies that have endpoints still uncovered and onboarding as many agencies as possible into [their] persistent access capability.”
The program will also focus on increasing the value of agency dashboards for end users and agency counterparts.
“The way we’re going to do this is by leveraging some newer capabilities in version six that allow us to do what I’ll call effectively over-the-air updates to the dashboard that allow us to push out new visualizations over the air if you will, to agency dashboards in a very timely fashion,” said House.
The program also will focus on enabling more automated reporting of FISMA metrics. “That’s kind of an ongoing effort that we began in 23, [and] we will expand that in 24,” House said.
“It’s an exciting time for us in terms of some very tactical priorities for 24. They’re going to… pay dividends for us down the road,” the program manager said.