“Federal agency chief information security officers (CISOs) told a Senate panel today that the security payoffs yielded by the Continuous Diagnostics and Mitigation (CDM) program are well worth the challenges that agencies have faced in implementing the program run by the Cybersecurity and Infrastructure Security Agency (CISA)…”
“The CDM program – along with the EINSTEIN intrusion detection and blocking program – are CISA’s two main programs that aim to protect Federal civilian networks. For Federal agencies, implementing CDM capabilities is a multi-year effort that includes foundational investments in network asset and user and access management infrastructure that then yield big gains in network security and data protection management…”
“Asked by [Sen. Maggie Hassan, D-N.H.] about the CDM program’s benefits and challenges at the agency level, Department of Health and Human Services (HHS) CISO Janet Vogel replied that CDM implementation has been ‘quite a challenge … because it is a huge effort’ to undertake at large, federated agencies like HHS.
HHS, for instance, has more than 83,000 direct employees and almost as many contract workers and operates several big component agencies including the Centers for Disease Control and Prevention, Food and Drug Administration, National Institutes of Health, and Centers for Medicare & Medicaid Services.
In implementing the CDM program across the entire agency and its operating divisions, Vogel said many networks are in varying states of modernization which requires changes in network hardware and software. ‘It is a very, very complex activity,’ she said.
But the payoff for that work is evident. ‘We have found that what it provides really helps us as a department,’ Vogel said. ‘We are getting information in a more timely way,’ which means ‘if we can see [problems] faster, we can respond faster’ to security concerns, she said…” Read the full article here.
Source: Federal CISOs Say CDM Payoffs Well Worth Implementation Challenges – By John Curran, May 11, 2021. MeriTalk.
