House bill would make DHS’s CDM cyber program law
A new House bill aims to codify the Department of Homeland Security’s signature cybersecurity program.
Rep. John Ratcliffe, R-Texas, introduced the Advancing Cybersecurity Diagnostics and Mitigation Act, which aims to make the continuous diagnostics and mitigation program a systemic requirement for DHS.
DHS established the CDM program in 2012 as an agile, automated program that monitors federal networks and provides continuous cybersecurity protection.
The new legislation calls on the DHS secretary to “regularly deploy new technologies and modify existing technologies” to update the program, offer its cybersecurity resources to all federal agencies and report systemic cyber risks based on data collected by the program.
The bill also requires the DHS secretary to develop a comprehensive CDM strategy within 180 days of enactment and deliver a report to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Homeland Security within 90 days outlining the federal government’s cyber risk posture based on data collected by CDM.
Ratcliffe, chairman of the House Cybersecurity and Infrastructure Protection subcommittee, said in a statement that the bill would ensure that CDM stays in stride with the evolution of cybersecurity technology.
“Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector,” he said. “We’re also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors.”
CDM is in the midst of awarding new contract capabilities as part of its DEFEND program, while also working on the data protection solutions it will offer as part of Phase 4 of that program. Phases 1, 2 and 3 addressed asset and user management and data dashboards to monitor network activity.