From: Security Boulevard
At a recent Tenable sponsored MeriTalk event, Kevin Cox, program manager for Continuous Diagnostics and Mitigation (CDM), provided a preview of coming attractions regarding the CDM federal dashboard. As of this writing, the CDM dashboard is in its initial production stage, with agency exchanges being set up to aggregate the data to be fed into the dashboard. At least five agencies are reportedly on track to have data uploaded to the CDM dashboard during the first quarter of 2018.
Agency-Wide Adaptive Risk Enumeration (AWARE): New scoring algorithm for cyber hygiene
Looking ahead, Cox announced that Release 5 of the CDM dashboard, due out in the spring, will introduce a new scoring algorithm that provides a single-number summary of each federal agency’s “cyber hygiene” status. This new algorithm, which will be known as Agency-Wide Adaptive Risk Enumeration (AWARE), is an evolving concept intended to drive CDM toward the goal of improving the way the government measures its cyber risk – that is, the degree to which known vulnerabilities continue to provide an unprotected attack surface for potential adversaries. AWARE will provide a raw risk score, which gives an agency, at a glance, a rough idea of its overall cyber risk. Cox stressed that it was only a starting point toward achieving and maintaining good basic cyber hygiene. Plans call for AWARE to continue to be refined in subsequent releases, increasingly taking mitigation and other relevant factors into account. This initial release represents an important step toward the overarching goal of sharpening the federal focus on performing basic cyber hygiene.
Leave a Reply