Although the Continuous Diagnostics and Mitigation (CDM) program was established in 2012, its goals are still valid today:
- Reduce agencies’ threat surface.
- Increase visibility into the federal cybersecurity posture.
- Improve federal cybersecurity response.
- Streamline Federal Information Security Modernization Act (FISMA) reporting
The CDM data is intended to be foundational; aligning all parts of the federal IT mission to enable real-time situational awareness and reduce the workload on federal cybersecurity practitioners. CDM does this by automating the collection of systemic vulnerabilities regardless of whether they were procured through hardware and software, or created through misconfigurations.
Despite the tremendous efforts of the CDM program over the last decade, it continues to fall short and struggles to maintain pace with cyber threats and the increased variety and volume of IT assets connecting to federal networks.