Rethinking the Role of Compliance

The Advancing Cybersecurity Diagnostics and Mitigation Act

In 2013, the Department of Homeland Security (DHS) introduced the Continuous Diagnostics and Mitigation (CDM) program. The CDM program set the standard for federal agency cybersecurity. The objectives of the program are to reduce agency threat surface, improve Federal cybersecurity response capabilities, increase visibility into the Federal cybersecurity posture, and streamline Federal Information Security Modernization Act (FISMA) reporting. To meet these goals, the program provides cybersecurity tools, integration services, and dashboards to participating agencies to help them improve their respective security postures.

A new bill, the Advancing Cybersecurity Diagnostics and Mitigation Act, now aims to codify the standards put forth in the CDM program. Representatives John Ratcliffe and Ro Khanna introduced the bill to Congress on 09/04/2019. It is on a motion to be passed as amended, agreed to verbally.

The bill requires that the CDM program be available not only to federal agencies, but also to state, local, and tribal governments. It also establishes the need for the CDM program to handle cyber-threats in near real time.

Ratcliffe’s response to the new bill was: “As cyber-threats continue to increase in frequency and complexity, we must constantly work to enhance our nation’s cyber-defense capabilities.” As cyber-threats continue to increase in number and severity, agencies need to work together to ensure data security. Khanna went on to add, “The technology is there, we just have to ensure our agencies have the necessary tools to defend against hackers and cyber-threats. A strong CDM program will be instrumental in that effort.”

On 09/05/2019, the bill was introduced in the Senate by Senators Maggie Hassan and John Cornyn. After multiple readings, the bill was then referred to the Committee on Homeland Security and Governmental Affairs. The quick turnaround seems promising. Senator Hassan said: “I’m pleased that the House of Representatives is introducing their version of this critical bill, and I look forward to continuing to work on a bipartisan basis across the House and Senate to move this bill forward.”


The point is that CDM can be a valuable program for securing any organization, as evidenced by its move toward becoming law for all government organizations. It focuses on enabling critical cyber capabilities that should be in place at every organization where data and network security are important. Our products (along with Splunk) are integral in enabling the monitoring of these capabilities.
