Modernizing the DHS Continuous Diagnostics and Mitigation Program

New acquisition strategy, legislation provide an opportunity to reassess program priorities and technology deployment.

More than five years after its creation, the US Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program continues to serve as a critical vehicle for enhancing federal civilian agency cybersecurity.

As a proud partner in Phase II of the CDM program, CA Technologies is providing Privileged Access Management (PAM) solutions to federal agencies to help them gain a better understanding of who is operating on their networks. CA is working with multiple agencies and departments to help them manage the access rights and authorizations of privileged users, including IT Administrators and other agency officials with heightened IT access.

DHS is set to implement a new acquisition strategy for the CDM program in August 2018. This renewal process provides an excellent opportunity to assess progress made towards CDM program priorities, gauge challenges associated with CDM program deployment, and develop recommendations and strategies for deployment.

“Advancing CDM” Bill Aims to Address Challenges

Congressman John Ratcliffe, Chairman of the House Homeland Cybersecurity and Infrastructure Protection Subcommittee, recently introduced H.R. 6443, the Advancing Cybersecurity Diagnostics and Mitigation Act, to both authorize and modernize the CDM program. The bill has passed the Committee and is awaiting action by the full House of Representatives. CA Technologies supports this bill because its requirements of strategic guidance and regular improvement will help DHS and federal civilian agencies focus on deployment and modern security approaches.

Deployment Remains Key

The Advancing CDM bill requires the program managers to develop a strategy, which includes a description of: DHS efforts to assist with program deployment; federal agency coordination required to deploy the program; and any obstacles facing agencies in program deployment.

CA Technologies has long called for accelerated CDM program deployment as this remains a key challenge today. A further challenge is that many agencies have secured the solutions themselves but not the services required to properly implement these solutions. The bill’s emphasis on addressing obstacles and challenges in program deployment can help address both of these challenges. Independent of the legislation, these challenges should be priorities for DHS under the new acquisition strategy.

Adopting New Security Approaches

CA Technologies applauds the bill’s requirement that the DHS Secretary regularly deploy new technologies and modify existing technologies, as appropriate, to improve the program. The bill recognizes the important role that data can play in securing IT infrastructure. It calls for using the data collected under the program for creating a common framework for data analytics, visualization of enterprise-wide risks and real-time reporting.

CA is a strong believer that leveraging data analytics can help organizations optimize user experiences, enhance productivity and strengthen security.

Congress recognizes the vital importance of cybersecurity, having appropriated more than $1 billion this year for DHS activities to protect federal civilian agencies against cyber threats. The CDM Program is a vital tool that DHS uses to accomplish this mission. This program must continue, but we also believe it can and should improve.

CA welcomes the introduction of the Advancing CDM Act, we congratulate Chairman Ratcliffe for his leadership on this issue, and we urge Congress to move this important legislation forward.

Download The Global State of Digital Trust Survey and Index 2018

About the author

As director of global government relations for CA Technologies, Jamie manages cyber security and Internet of Things policy. He also serves on the IT Sector Coordinating Council Executive Committee, the principal IT industry entity for coordinating with the federal government on critical infrastructure protection and cybersecurity. Jamie previously worked on the House Science Subcommittee on Research and Technology. Jamie has an MSc in social policy from LSE. He is also an avid Yankees fan.