The Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program is a critical component of the federal government's cybersecurity posture. Government agencies and organizations need to both understand and align with the CDM requirements.

The overarching goal of the DHS CDM program is to strengthen cybersecurity practices and posture for government networks and data by focusing on a key question in each CDM phase.

  • Phase 1: WHAT IS ON THE NETWORK?
  • Phase 2: WHO IS ON THE NETWORK?
  • Phase 3: WHAT IS HAPPENING ON THE NETWORK?
  • Phase 4: HOW IS DATA PROTECTED?

As DHS notes, the CDM approach is consistent with guidance from the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST), and it helps agencies meet federal reporting requirements, including many FISMA mandates.

WHAT IS ON THE NETWORK

In Phase 1, cybersecurity professionals must identify what is on the network. This includes managing and controlling hardware assets (HWAM), software assets (SWAM), security configuration settings (CSM), and software vulnerabilities (VUL).

Hardware Asset Management (HWAM) makes sure devices are identified, authorized, and managed. As CISA points out, HWAM helps reduce the exploitable attack surface by providing information about unauthorized devices, which can then be removed or authorized, and by ensuring that each device is assigned to a person or team for system administration. File integrity monitoring can help surface unauthorized and unmanaged devices, which are the ones attackers are most likely to use as a platform from which to extend a compromise across the network, so that they can be mitigated.

Assets are defined as

  • A hardware asset that has an IP address and is connected to an organization's network(s). This includes networking devices, workstations, and input/output devices, whether physical or virtual.
  • USB devices and other removable devices connected to hardware with an IP address. These devices can become a vector for spreading malware to additional devices.

Software Asset Management (SWAM) ensures that the software installed on the network is authorized and managed. Additionally, SWAM

  • Provides visibility to discover and identify installed software
  • Reviews software for unsafe configurations and out-of-date patches
  • Detects unauthorized software and prevents it from being deployed on the network

File integrity monitoring can assist with both HWAM and SWAM requirements: unmonitored hardware and software installations and changes are a large cybersecurity risk, yet they can be readily monitored across the evolving federal enterprise network.
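The HWAM and SWAM checks described above amount to reconciling what discovery actually finds against the authorized inventory: devices not in the inventory, devices with no assigned owner, inventory entries that never show up, software that is not on the approved list, and approved software below its minimum version. The following is an added example, not CimTrak or CISA code; the discovery records, the inventory, the approved-software list and the field names are all constructed here as assumptions.

```python
"""Reconcile discovered hosts and installed software against the authorized inventory.

Added example (not Cimcor's or CISA's code). All records below are constructed
for illustration; the field layout and policy tables are assumptions.
"""
from dataclasses import dataclass


@dataclass
class Host:
    ip: str
    mac: str
    hostname: str
    software: dict  # package name -> version string, as reported by discovery


# Constructed discovery results, e.g. what a scanner or agent would report.
DISCOVERED = [
    Host("10.0.1.10", "00:11:22:33:44:01", "web01", {"nginx": "1.18.0", "openssl": "1.1.1k"}),
    Host("10.0.1.11", "00:11:22:33:44:02", "db01", {"postgresql": "13.4", "openssl": "1.1.1k"}),
    Host("10.0.1.50", "aa:bb:cc:dd:ee:01", "unknown", {"ncat": "7.91"}),  # not in inventory
    Host("10.0.1.12", "00:11:22:33:44:03", "app01", {"openssl": "1.0.2u", "torrent-client": "3.0"}),
]

# Constructed authorized hardware inventory: MAC -> owner (None = not yet assigned).
AUTHORIZED_HW = {
    "00:11:22:33:44:01": "web-team",
    "00:11:22:33:44:02": "dba-team",
    "00:11:22:33:44:03": None,
    "00:11:22:33:44:04": "lab",  # authorized but never seen by discovery
}

# Constructed authorized software list: package -> minimum acceptable version.
AUTHORIZED_SW = {"nginx": "1.18.0", "openssl": "1.1.1k", "postgresql": "13.0"}


def version_key(version):
    """Split '1.1.1k' into ((1,''),(1,''),(1,'k')) so dotted versions with a
    letter suffix compare sensibly. Assumption: vendor schemes follow this shape."""
    key = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        suffix = piece[len(digits):]
        key.append((int(digits) if digits else 0, suffix))
    return tuple(key)


def reconcile(discovered, authorized_hw, authorized_sw):
    """Return findings keyed by CDM concern. Unauthorized devices still get their
    software checked: what is running on a rogue box matters for triage."""
    findings = {
        "unauthorized_devices": [],   # HWAM: seen but not in inventory
        "unassigned_devices": [],     # HWAM: in inventory, no owner
        "missing_devices": [],        # HWAM: in inventory, not seen (stale entry or offline)
        "unauthorized_software": [],  # SWAM: package not on the approved list
        "outdated_software": [],      # SWAM: approved package below minimum version
    }
    seen = set()
    for host in discovered:
        seen.add(host.mac)
        if host.mac not in authorized_hw:
            findings["unauthorized_devices"].append(host.ip)
        elif authorized_hw[host.mac] is None:
            findings["unassigned_devices"].append(host.ip)
        for pkg, ver in host.software.items():
            if pkg not in authorized_sw:
                findings["unauthorized_software"].append((host.hostname, pkg))
            elif version_key(ver) < version_key(authorized_sw[pkg]):
                findings["outdated_software"].append((host.hostname, pkg, ver))
    findings["missing_devices"] = sorted(set(authorized_hw) - seen)
    return findings


if __name__ == "__main__":
    for concern, items in reconcile(DISCOVERED, AUTHORIZED_HW, AUTHORIZED_SW).items():
        print(f"{concern}: {items}")
```

The "missing_devices" bucket is worth keeping even though it is not an attack indicator: an inventory entry that discovery never confirms is exactly the kind of stale record that lets an attacker's device inherit an authorized MAC or hostname unnoticed.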

WHAT IS HAPPENING ON THE NETWORK

In Phase 3, the goal is to understand what is actually happening on the network, which substantially increases the security-relevant information available to agencies. Phase 3 is broken into four capabilities:

  • BOUND Boundary Protection
  • MNGEVT Manage Events
  • DBS Design and Build-in Security
  • OMI Operate, Monitor, Improve

The MNGEVT capability identifies security events and violations, and it uses an incident management system to report and share those events with OMI, which covers system and information integrity. The two capabilities are complementary, and both are aimed at strengthening security posture.

A FIM tool can detect and log unexpected changes to servers and network devices, and so facilitate the incident management that the MNGEVT requirement calls for.

OMI focuses on root-cause analysis and on prioritizing security mitigation, response, and recovery. Advanced file and system integrity monitoring software should provide insight, actionable information, and recovery capabilities.
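The MNGEVT and OMI paragraphs above both rest on the same mechanism: a trusted baseline of file content and permissions, a fresh snapshot, and a diff that turns into events an incident management system can act on. The following is an added example of that mechanism, not CimTrak code; the sample directory it monitors is constructed inside a temporary directory, and the event names and the fields recorded per file are assumptions.

```python
"""Minimal file integrity monitor: baseline a tree, re-scan, and emit change events.

Added example, not CimTrak code. The event vocabulary (added/removed/modified/
mode_changed) and the per-file record are assumptions. The demo() function
constructs its own files in a temporary directory so the whole thing runs offline.
"""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Content hash plus permission bits and size for one regular file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}


def build_baseline(root):
    """Map each regular file under root (relative path) to its fingerprint.
    Symlinks are skipped so an attacker cannot point a monitored name elsewhere."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(old, new):
    """Return (event, path, detail) tuples, sorted by path, for every difference.
    Content and permission changes are reported separately: a permission-only
    change (e.g. a key file made world-readable) is its own incident."""
    events = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            events.append(("added", path, new[path]["sha256"][:12]))
        elif path not in new:
            events.append(("removed", path, old[path]["sha256"][:12]))
        else:
            if old[path]["sha256"] != new[path]["sha256"]:
                events.append(("modified", path,
                               f"{old[path]['sha256'][:12]}->{new[path]['sha256'][:12]}"))
            if old[path]["mode"] != new[path]["mode"]:
                events.append(("mode_changed", path,
                               f"{old[path]['mode']:o}->{new[path]['mode']:o}"))
    return events


def demo():
    """Constructed scenario: baseline two config files, then simulate tampering."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        sshd = os.path.join(etc, "sshd_config")
        hosts = os.path.join(etc, "hosts")
        with open(sshd, "w") as fh:
            fh.write("PermitRootLogin no\n")
        with open(hosts, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        os.chmod(sshd, 0o600)
        baseline = build_baseline(root)

        # Simulated unauthorized changes an attacker or careless admin might make.
        with open(sshd, "w") as fh:
            fh.write("PermitRootLogin yes\n")   # content change
        os.chmod(sshd, 0o644)                   # permission change on the same file
        os.remove(hosts)                        # removal
        with open(os.path.join(etc, "cron.d_backdoor"), "w") as fh:
            fh.write("* * * * * root /tmp/x\n")  # addition
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for event in demo():
        print(event)
```

One caveat a practitioner will want: the baseline is only as trustworthy as its storage. If it sits writable on the same host, the first thing a competent intruder does is re-baseline; keep it off-host or signed, and record who approved each baseline update, since that approval record is what lets OMI separate an authorized change from an incident.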

CDM SECURITY OBJECTIVES

Though many organizations must implement CDM, the task does not have to be daunting. Categorizing security objectives can help organizations as they begin CDM compliance. The five security objectives for CDM compliance, which correspond to the core functions of the NIST Cybersecurity Framework, are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Managing what is on the network begins with discovering what is on the network. File and system integrity monitoring software can aid CDM compliance efforts in both Phase 1 and Phase 3.

To learn more about how CimTrak can help with CDM compliance, download the CDM solution brief today.


Tags: News

Post by Lauren Yacono
February 21, 2019
Lauren is a Chicagoland-based marketing specialist at Cimcor. Holding a B.S. in Business Administration with a concentration in marketing from Indiana University, Lauren is passionate about safeguarding digital landscapes and crafting compelling strategies to elevate cybersecurity awareness.

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.