CDM Program – Cyber Transformation at Government Scale

Industry Perspectives 2020-11-19

The U.S. Federal Government's Continuous Diagnostics and Mitigation (CDM) program is a smart and bold move to dramatically improve the cyber security posture of its civilian executive branch agencies (the term 'agency' encompasses both departments and agencies). Administered by the Department of Homeland Security (DHS), the CDM program is a multiyear program that has been operational since 2013 and will continue for several more years. Here are the objectives and goals of the CDM program in the government's own words, as taken directly from the CDM web page:

"Consistent with the Federal Government's deployment of Information Security Continuous Monitoring (ISCM), the Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides DHS, along with Federal Agencies[,] with capabilities and tools [to] identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources."

The CDM program is structured into four phases that establish foundational capabilities, and sequentially build upon that foundation in order to deliver upon the overall program objectives. 

These four phases are:

  • CDM Phase 1: Identify, audit and report what is on the network
  • CDM Phase 2: Identify who is on the network
  • CDM Phase 3: Identify what is happening on the network
  • CDM Phase 4: Provide the capability for data protection

The CDM program has most recently entered Phase 3, moving from discovery and management of government networks to active defense and response. The program is administered through designated prime contractors, which currently are CACI, Booz Allen Hamilton, CGI Federal and Mantech. These prime contractors work with the 23 CFO Act agencies, which are broken out into distinct groups.

The contract/task order component of Phase 3, known as Dynamic and Evolving Federal Enterprise Network Defense (DEFEND), provides professional expertise to understand what is happening on networks and to effectively respond to security incidents. CDM DEFEND plays a critical role in improving government cyber security by making additional funds available, supplementing often strapped agency budgets.

There are specific steps that must be followed to secure such DEFEND funding and offset the cost of better cyber security. In the earlier phases the CDM prime contractors could make recommendations to agencies regarding how best to meet the CDM cyber security objectives. That is no longer the case in Phase 3 – agencies themselves are now responsible for identifying their cyber security gaps, and then identifying the best technology and the best technology providers to mitigate those security gaps. Compliance with the CDM program is not mandatory. However, agencies that pursue cyber security tools that do not comply with CDM requirements must submit justification to DHS.

FireEye is working today with many agencies in several areas related to the CDM program. For some agencies, we are helping them assess current capabilities and prioritize their identified gaps. For many agencies that currently utilize FireEye solutions, we are helping them understand how all the capabilities of their existing FireEye solutions can be utilized to meet CDM capability requirements.

FireEye Mandiant has been helping government and commercial organizations for the past 15 years with all manner of expert-level cyber security consulting services. These services span the spectrum of offerings from incident response and training to strategic risk assesments and cyber program development.

Check out our FireEye Mandiant web page to learn more.