Last updated on May 17th, 2023 at 1:44pm
What Is CDM?
The Continuous Diagnostics and Mitigation (CDM) cloud program is a United States government cybersecurity initiative led by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The CDM program provides federal civilian departments and agencies with a suite of capabilities that enable network security officials and administrators to continuously monitor, diagnose, and mitigate cybersecurity risks in real time.
The CDM program's capabilities include the collection and analysis of data from network sensors, tools, and services that provide continuous monitoring, diagnostics, and mitigation. This data is used to inform Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) of the relative risks of threats and vulnerabilities to their networks. The program also provides a dashboard that allows network security professionals to view customized reports and alerts that prioritize risk levels and vulnerabilities.
The goal of the CDM program is to strengthen the cybersecurity posture of federal civilian departments and agencies by improving their ability to identify and mitigate cybersecurity risks in real time. By providing continuous monitoring and diagnostics, CDM helps federal agencies identify potential vulnerabilities and mitigate risks before attackers can exploit them. The CDM program is an essential tool for network security professionals, CISOs, and CIOs, enabling them to protect sensitive government information from cyber threats.
CDM is critical not only to federal agencies but also to vendors working with the government. Vendors must meet strict cybersecurity standards to work with federal agencies, and the CDM program provides a framework for them to do so. By following the program's guidelines, vendors can ensure that their products meet federal cybersecurity requirements, which makes them more attractive to federal agencies.
CDM aims to:
- Reduce agency threat surface
- Increase visibility into the federal cybersecurity posture
- Improve federal cybersecurity response capabilities
- Streamline Federal Information Security Modernization Act (FISMA) reporting
Why Does CDM Have Four Phases?
To help agencies improve their cybersecurity posture, CISA defined four phases for agencies and private organizations to use as a model for their cybersecurity strategy.
When it comes to security in the cloud, there’s room for increased focus. Agencies are expanding cloud procurements, but there is still significant confusion over governance and risk management of cloud infrastructure. Agencies may have solutions in place for operating system or database protection, but miss key requirements around protecting overall infrastructure.
Breakdown of the Four Phases of CDM
What are the Expectations and Requirements of the Four CDM Phases?
The CDM program defines four phases to guide agencies through their cybersecurity strategy.
Phase 1: What is on the Network?
In Phase 1, agencies must catalog and list the basic details of hardware, software, and configurations on their networks. This includes hardware asset management (HWAM), software asset management (SWAM), configuration settings management (CSM), and vulnerability management (VUL).
Phase 2: Who is on the Network?
Phase 2 is focused on user accounts and how they interact with and use the agency’s network. This includes managing privileges (PRIV), managing trust in people granted access (TRUST), managing credentials and authentication (CRED), and managing security-related behavior (BEHAVE).
Phase 3: What is Happening on the Network?
In Phase 3, agencies need to monitor network and perimeter components, host and device components, data at rest and in transit, and user behavior and activities. This includes managing events (MNGEVT), operating, monitoring, and improving (OMI), designing and building-in security (DBS), boundary protection (BOUND), and supply chain risk management (SCRM).
Phase 4: How is Data Protected?
In Phase 4, agencies must enable several data protections, including data discovery/classification (DISC), data protection (PROT), data loss prevention (DLP), data breach/spillage mitigation (MIT), and information rights management (IRM).
To support these phases, the CDM program provides cybersecurity tools, integration services, and dashboards to participating agencies.
Key Questions Agencies Must Address Across the Four Phases of CDM
Cloud Infrastructure Questions
What is on the Network?
• What cloud resources exist across all your cloud service provider environments?
• Who owns these resources and who is accountable for them?
• Are they set up and configured securely and in compliance with your organization’s policies?
Who is on the Network?
• Which users have access to your cloud resources?
• Have these users been granted only the least privileges they need?
What is happening on the Network?
• How is data flowing through your cloud environments?
• Are interactions being monitored on a continual basis?
How is Data Protected?
• What mechanisms have been put in place to ensure data is secure and cloud resources are continuously monitored to prevent security vulnerabilities?
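As an added illustration (not part of the original article or of any cloudtamer.io product), the following script evaluates a constructed cloud inventory against the questions above and groups each finding under the CDM phase and capability area it relates to. The resource and user records, the field names, and the check rules are all assumptions made for this example.

```python
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str, str]  # (phase, capability, subject, message)

# Constructed sample inventory for this example; not real agency data.
RESOURCES = [
    {"id": "bucket-a", "type": "storage_bucket", "owner": "team-data",
     "public": False, "encrypted": True, "logging": True},
    {"id": "vm-b", "type": "virtual_instance", "owner": None,
     "public": True, "encrypted": True, "logging": False},
    {"id": "db-c", "type": "database", "owner": "team-app",
     "public": False, "encrypted": False, "logging": True},
]
USERS = [
    {"name": "alice", "roles": ["reader"], "mfa": True},
    {"name": "svc-deploy", "roles": ["admin"], "mfa": False},
]

def phase1_what_is_on_the_network(resources) -> List[Finding]:
    """Phase 1 (HWAM/CSM): every asset needs an accountable owner and a secure configuration."""
    out: List[Finding] = []
    for r in resources:
        if not r.get("owner"):
            out.append(("1", "HWAM", r["id"], "no accountable owner recorded"))
        if r.get("public"):
            out.append(("1", "CSM", r["id"], "exposed to the public internet"))
    return out

def phase2_who_is_on_the_network(users) -> List[Finding]:
    """Phase 2 (PRIV/CRED): privileged accounts must use strong authentication."""
    return [("2", "CRED", u["name"], "admin role without MFA")
            for u in users if "admin" in u["roles"] and not u.get("mfa")]

def phase3_what_is_happening(resources) -> List[Finding]:
    """Phase 3 (MNGEVT): activity must be logged so events can be managed."""
    return [("3", "MNGEVT", r["id"], "logging disabled")
            for r in resources if not r.get("logging")]

def phase4_how_is_data_protected(resources) -> List[Finding]:
    """Phase 4 (PROT): data at rest must be encrypted."""
    return [("4", "PROT", r["id"], "not encrypted at rest")
            for r in resources if not r.get("encrypted")]

def cdm_report(resources=RESOURCES, users=USERS) -> Dict[str, List[Finding]]:
    """Group all findings by CDM phase so a dashboard can prioritise them."""
    report: Dict[str, List[Finding]] = {"1": [], "2": [], "3": [], "4": []}
    for f in (phase1_what_is_on_the_network(resources) + phase2_who_is_on_the_network(users)
              + phase3_what_is_happening(resources) + phase4_how_is_data_protected(resources)):
        report[f[0]].append(f)
    return report

if __name__ == "__main__":
    for phase, findings in cdm_report().items():
        print(f"Phase {phase}: {len(findings)} finding(s)")
        for _, cap, subject, msg in findings:
            print(f"  [{cap}] {subject}: {msg}")
```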
How cloudtamer.io Helps with CDM for Cloud Security
From the moment cloud resources are provisioned until these resources are retired, a strong security posture is vital. From storage buckets and virtual instances to background services and logging, all cloud resources must be monitored and governed in a scalable, repeatable, and reportable way.
In addition to the management of an extensive array of services, users and user access must be carefully created and monitored. Personnel with a variety of skill sets and levels of access can make it difficult to keep track of who has permission to do what. Working across multiple cloud providers only compounds the problem.
Through a single pane of glass, cloudtamer.io can automate account creation, apply and enforce policy, manage access control, provide financial reporting and actionable budget enforcement, and scan for continuous compliance across your cloud infrastructure. With out-of-the-box policies and scans for NIST 800-53 Low/Moderate/High, NIST 800-171, CMMC L3, and CIS 1.2, agencies use cloudtamer.io to quickly achieve a strong security and continuous compliance posture across multiple clouds.
cloudtamer.io is a DHS-approved product that provides the core functionality needed to achieve the CDM cloud infrastructure security requirements across all phases. Using cloudtamer.io, agencies have a complete 360-degree solution to prevent, detect, report, and remediate across their cloud infrastructure.
Use cloudtamer.io to succeed with CDM
cloudtamer.io is a DHS-approved solution designed to help government agencies meet their CDM requirements for securing and continuously monitoring their cloud resources. Ready to get started? Request a demo with a member of our team to start taking advantage of the CDM program – with a bit of help from cloudtamer.io.