The Continuous Diagnostics and Mitigation (CDM) Program – for several years a bedrock asset in the government’s bid to improve Federal agency cybersecurity – is having a decisive impact in furthering agency work on requirements of the Biden administration’s year-old Cybersecurity Executive Order (EO), new research findings from MeriTalk shows.
Long before the 2021 Cyber EO, the CDM program, run by Cybersecurity and Infrastructure Security Agency (CISA), led the charge for Federal agency network security improvements.
Installation of endpoint detection and response (EDR) capabilities on Federal networks and the Cyber EO’s directive to speed EDR capabilities are fundamental to the CDM program’s strategy.
MeriTalk derived its findings – which are underwritten by CyberArk, Ping Identity, and SteelCloud – from a March 2022 survey of 100 Federal and industry stakeholders involved with the CDM Program. They illuminated the tight connection between the two cybersecurity efforts:
- 93 percent say the CDM Program has improved Federal cyber resilience over the past year
- 84 percent say CDM is critical to Cyber EO compliance
- 58 percent says the CDM Program has had a “major impact” on agency cybersecurity
Since the Cyber EO published, 67 percent see the program as more important to long-term cybersecurity goals. Those respondents specifically cited the CDM Program’s EDR, network security and management, and asset management goals.
CDM stakeholders surveyed also pointed to the CDM Program’s still-increasing potential to help Federal agencies in the long march to improved security.
In particular, stakeholders noted slow uptake among agencies, and less than a third gave their agency an “A” grade for their use and participation in the program.
They also pointed to the evident cybersecurity value of the agency data feeds generated by the CDM Program, with 55 percent saying they incorporated those feeds into agency risk management processes. At the same time, nearly nine out of 10 respondents see untapped value remaining in the program’s security dashboard capabilities, with 89 percent believing that agencies are now only “scratching the surface” of the dashboards’ value.
Alternatively, stakeholders pointed to solid value being delivered by the CDM Program over the past year:
- 49 percent say the program has improved visibility and situational awareness
- 49 percent see CDM as helping agencies to automatically identify network assets
- 41 percent credit the program with helping their reporting accuracy
- 39 percent say CDM has streamlined threat monitoring and remediation efforts
“The CDM Program’s importance was emphasized by the Cyber EO, and is foundational to EO compliance,” commented Caroline Boyd, principal, government programs, at MeriTalk. “Our research highlights agencies need for increased focus on CDM adoption which remains integral to improving our nation’s cybersecurity posture.”
For the full research report from MeriTalk, please download.
To hear Judy Baltensperger, Project Manager, CDM Program, CISA discuss the recent findings register for the “CDM: The Multitool in Your Cyber Kit” complimentary webinar on June 23 at 1:30 p.m. EDT.