Agencies advance to next level of security risk assessment with CDM DEFEND

DHS’s Kevin Cox says that CDM DEFEND offers new flexibility for agencies moving on to Phase 3 of the CDM program.
CDM Defend
(FedScoop)

Agencies moving into Phase 3 of the government’s Continuous Diagnostic and Mitigation (CDM) program will discover greater flexibility utilizing the program’s offerings, according to a program official.

The Department of Homeland Security is now issuing agencies a long-term task order with a higher monetary ceiling to give them maximum flexibility in extending the work at different intervals, according to CDM program manager Kevin Cox at DHS.

The CDM program is a dynamic approach to fortifying the cybersecurity of the federal government’s networks and systems, allowing agencies to identify who’s on the network, what’s on the network and what’s happening on the network, Cox explained in a podcast interview with FedScoop.

Joining Cox in the podcast, Eric Trexler shared how lessons learned from the previous phases were integrated into Phase 3, also known as CDM DEFEND.

Trexler, vice president for global governments and critical infrastructure at Forcepoint, noted that with a better understanding of the challenges agencies had integrating the CDM process in the first two phases, Phase 3 feels like a fresh start to make CDM a smoother, more enduring process.

Phase 3 allows agencies to respond to the “what’s happening on the network” question, expanding the overview of an agency’s data security — whether it is on-premises or in the cloud. It will continue to build on foundations established in Phases 1 and 2.

Those foundations began with agency-installed sensors performing an automated search for known cyber flaws to feed information into dashboards. Stressing the importance of dashboards, Cox says they allow agencies to have a real-time or near-real-time visibility of their assets. Summary information then feeds into a federal dashboard and shows a broader cybersecurity risk posture across the federal government.

“CDM brings automation, it brings funding and capability. Agencies still aren’t grasping onto the capabilities of the program and how they can take advantage of this to accelerate their cybersecurity needs,” explains Trexler.

Cox reminds listeners that each agency has a program manager associated with the effort. The CDM program facilitates an integrated perspective as agencies, CDM program management teams and third-party vendors work together.

“Take a look across the agency and see what is working well and identify those areas where they might need some additional support. Once they have that understanding, bring that to our PM team as well and we can look at how we can assist the agency get full visibility in real time or near real time of their data and that it is protected properly,” highlights Cox.

For more information on the CDM Program and Forcepoint’s approved solutions, please visit www.forcepoint.com/cdm.

This podcast was produced by FedScoop and underwritten by Forcepoint.

Latest Podcasts