The Continuous Diagnostics and Mitigation Program (CDM) last week held its first data exchange between the Federal CDM dashboard and an agency dashboard.

All of the CFO Federal agencies have agency dashboards to comply with the CDM program, and the Federal dashboard is in production, according to Kevin Cox, CDM program manager for Network Security Development, at the Department of Homeland Security.

Join MeriTalk on Nov. 8 for a half-day forum to get the inside track from data visionaries on how to accelerate agency digital transformation, and learn how hybrid cloud is powering digital transformation. Click here to learn more and register.

“This isn’t just a DHS program,” Cox said at FCW’s Big Issues Conference on Nov. 1. “This is a program of us working with the agencies.”

The CDM Federal dashboard will pool the data from agency dashboards so that the Federal government can have an interagency view of the government’s cybersecurity posture. When the Federal dashboard detects a problem from its sensors in one of the agencies’ networks, the dashboards should be able to communicate with one another in order to resolve the problem. In the initial stages, the CDM program is working with a wave of five agencies to test the dashboards’ capabilities.

CDM is moving into Phase 3 of the program, which will require agencies to understand what the boundaries of their networks look like. Phase 1 required agencies to understand what was located on their networks, Phase 2 required agencies to understand who has access to what data, and Phase 4 will require agencies to understand how their data is protected.

“Ultimately we want to keep attackers off the network altogether,” Cox said.

After the White House released its IT Modernization Report, the CDM program has been waiting for more information before it acquires certain technologies that might not go along with the White House’s new goals.

“What is the proposed approach for the Federal architecture going to be?” Cox said.

However, Cox said that the CDM program continues to work on how to optimize incident response, how to approach cloud security differently from data center security, and how to interact with mobile device management at agencies to give them visibility.

“What we have to be careful of with Phase 3 is that we’re not trying to boil the ocean,” Cox said.

Read More About
About
Morgan Lynch
Morgan Lynch
Morgan Lynch is a Staff Reporter for MeriTalk covering Federal IT and K-12 Education.
Tags