From: US GAO
***
Effective Implementation of the CDM Program Could Improve Information Security at Agencies
The CDM program provides federal agencies with tools and services that are intended to provide them with the capability to automate network monitoring, correlate and analyze security-related information, and enhance risk-based decision making at agency and government-wide levels. These tools include sensors that perform automated scans or searches for known cyber vulnerabilities, the results of which can feed into a dashboard that alerts network managers and enables the agency to allocate resources based on the risk.
DHS, in partnership with and through the General Services Administration, established a government-wide acquisition vehicle for acquiring continuous diagnostics and mitigation capabilities and tools. The CDM blanket purchase agreement is available to federal, state, local, and tribal government entities for acquiring these capabilities.
There are three phases of CDM implementation:
Leave a Reply