As the Continuous Diagnostics and Mitigation (CDM) program matures, it requires a new way of thinking. While agencies will continue to buy tools to fill gaps in their defenses, they need to start thinking about how those tools fit into their larger cybersecurity strategy.
The CDM program has shifted from one previously organized by phases to one that is now organized by capability areas defined by asset management, identity and access management, network security management, and data protection management as referenced in Figure 1.
The initial task orders under the program were tool-oriented, with a focus on automating the ability to identify, profile and scan assets on the network and improve visibility into credentialed and privileged users. Task orders related to these initial phases were issued against the (now retired) CDM Tools/Continuous Monitoring as a Service (CMaaS) blanket purchase agreements, and typically ran two or three years.