Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox said Sept. 9 that his office’s high-level aims for Fiscal Year 2021 feature an extensive menu of goals – fuller “operationalization” of CDM data, progress on installing the latest version of the CDM dashboard at the agency and Federal levels, and helping agencies to better understand and handle security for data in the cloud and from mobile services.
“We really want to ensure in FY21 the full operationalization of the CDM data, and getting the new dashboard in place,” Cox said at the Billington CyberSecurity Summit. “That will really show the promise of the whole CDM effort,” he said.
Explaining the data operationalization goal, Cox said, “We want to make sure the data coming up from [agency network] sensors and scanners has good reliability, and is reported in a timely fashion … so that agencies can rely on it to make decisions.” He added, “that’s a big initiative for us … that will be continuing into FY21, but the approach is in place.”
The latest generation of CDM dashboard technology is being rolled out currently to “initial agencies,” Cox said, in addition to deployment of the new Federal-level dashboard that provides a view for the Cybersecurity and Infrastructure Security Agency (CISA) of all individual agency CDM data.
In addition, Cox said the program office will continue to work with some Federal agencies on filling gaps in asset management capabilities, and on identity and access management to make sure agencies can properly manage who has access to their systems.
On the CDM program’s network security capability efforts, he said his office has been conducting cloud infrastructure pilots with some Federal agencies. Likewise, on the data protection management capability, the program office is in the process of “getting some data loss prevention capabilities in place” for high-value assets at select agencies, Cox said.
On the cloud and mobile front, Cox said his office wants to work with Federal agencies to get the “right” security solutions for data from those systems, and “gracefully” bring continuous data monitoring abilities to those to help agencies manage their risk.
Cox reiterated that the CDM program has been able to continue its work with Federal agencies at a steady pace despite the impacts of the coronavirus pandemic.
“When the pandemic started, and government agencies went to a remote work posture, we assessed overall risk of the program,” and the ability to continue the program office’s work, Cox said. Since then, he said, “we have been able to continue most all of the work from a remote perspective,” working with system integrators “to do a lot of the deployments and configurations remotely.”
That regular CDM program work continued even as the program office helped some agencies deploy capabilities more quickly to combat increases in malicious threats, Cox said. “Overall we have been able to stay aiming forward” with the CDM program, “and we continue to do so to this day,” he said.