In 2013, the Department of Homeland Security (DHS) introduced the Continuous Diagnostics and Mitigation (CDM) program. The CDM program set the standard for federal agency cybersecurity. The objectives of the program are to reduce agency threat surface, improve Federal cybersecurity response capabilities, increase visibility into the Federal cybersecurity posture, and streamline Federal Information Security Modernization Act (FISMA). To meet these goals the program provides cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their respective security posture.
However, a new bill, The Advancing Cybersecurity Diagnostics and Mitigation Act, aims to codify the standards put forth in the CDM program. Representatives John Ratcliffe and Ro Khanna introduced the bill to Congress on 09/04/2019. It is on motion to be passed as amended, agreed to verbally.
The bill requires that the CDM program not only be available to federal agencies, but also state, local, and tribal governments. It also allocates the need for the CDM program to handle cyber-threats in near-real time.
Ratcliffe’s response to the new bill was: “As cyber-threats continue to increase in frequency and complexity, we must constantly work to enhance our nation’s cyber-defense capabilities.” As cyber-threats continue to increase in number and severity, every agency needs to work together to ensure the data security. Khanna went on to add, “The technology is there, we just have to ensure our agencies have the necessary tools to defend against hackers and cyber-threats. A strong CDM program will be instrumental in that effort.”
On 09/05/2019, the bill was introduced to The Senate by Senators Maggie Hassan and John Cornyn. After multiple reads, the bill was then referred to the Committee on Homeland Security and Governmental Affairs. The quick turn-around seems promising. Senator Hassan said : “I’m pleased that the House of Representatives is introducing their version of this critical bill, and I look forward to continuing to work on a bipartisan basis across the House and Senate to move this bill forward.”
TAKE AWAY
The point is that CDM can be a valuable program for securing any organization as evidenced by it moving toward law for all government organizations. It focuses on enabling critical cyber capabilities that should be in place at every organization where data and network security are important. Our products (along with Splunk) are integral in enabling the monitoring of these capabilities.