Blog Cloud Enablement

Strengthen Cloud Infrastructure & Security with the CDM Program

Tim Hazard

3 min read

Last updated on August 31st, 2022 at 4:45pm

What Is CDM?

The Continuous Diagnostics and Mitigation (CDM) cloud program is a United States government cybersecurity initiative led by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).

CDM aims to:

  • Reduce agency threat surface
  • Increase visibility into the federal cybersecurity posture
  • Improve federal cybersecurity response capabilities
  • Streamline Federal Information Security Modernization Act (FISMA) reporting

Why Does CDM Have Four Phases?

To help agencies improve their cybersecurity posture, CISA defined four phases for agencies and private organizations to use as a model for their cybersecurity strategy.

When it comes to security in the cloud, there’s room for increased focus. Agencies are expanding cloud procurements, but there is still significant confusion over governance and risk management of cloud infrastructure. Agencies may have solutions in place for operating system or database protection, but miss key requirements around protecting overall infrastructure.

Breakdown of the Four Phases of CDM

Key Questions Agencies Must Address Across the Four Phases of CDM


Cloud Infrastructure Questions

What is on the Network?

• What cloud resources exist across all your cloud service provider environments?
• Who owns these resources and who is accountable for them?
• Are they set up and configured securely and in compliance with your organization’s policies?

Who is on the Network?

• Which users have access to your cloud resources?
• Have these users been extended least privileges?

What is happening on the Network?

• How is data flowing through your cloud environments?
• Are interactions being monitored on a continual basis?

How is Data Protected?

• What mechanisms have been put in place to ensure data is secure and cloud resources are continuously monitored to prevent security vulnerabilities?

How Helps with CDM for Cloud Security

From the moment cloud resources are provisioned until these resources are retired, a strong security posture is vital. From storage buckets and virtual instances to background services and logging, all cloud resources must be monitored and governed in a scalable, repeatable, and reportable way.

In addition to the management of an extensive array of services, users and user access must be carefully created and monitored. Personnel with a variety of skillsets – and levels of access - can make it difficult to keep track of who has permission to do what. Working across multiple cloud providers only compounds issues.

Through a single pane of glass, can automate account creation, apply and enforce policy, manage access control, provide financial reporting and actionable budget enforcements, and scan for continuous compliance across your cloud infrastructure. With out-of-the box policies and scans for NIST 800-53 Low/Moderate/High, NIST 800-171, CMMC L3, and CIS 1.2, agencies use to quickly achieve a strong security and continuous compliance posture across multiple clouds. is a DHS-approved product that provides the core functionality needed to achieve the CDM cloud infrastructure security requirements across all phases. Using, agencies have a complete 360-degree solution to prevent, detect, report, and remediate across their cloud infrastructure.

Use to succeed with CDM is a DHS-approved solution designed to help government agencies meet their CDM requirements for securing and continuously monitoring their cloud resources. Ready to get started? Request a demo with a member of our team to start taking advantage of the CDM program – with a bit of help from

Download PDF

About the Author

Tim Hazard

Tim is the director of Kion's federal sales division.

Kion Newsletter

Start your cloud enablement journey.

Request a demo today,