CISA Achieves Continuous Diagnostics and Mitigation System Reporting Automation Goal Ahead of Schedule

The Cybersecurity and Infrastructure Security Agency said in its second quarter “Strengthening Federal Cybersecurity” update that over half of U.S. federal agencies automatically submit reports to the Continuous Diagnostics and Mitigation System.

According to CISA, the Q2 2023 figure is up by 10 percentage points on-year, reaching 55 percent. CISA noted that it exceeded its target of having 50 percent of federal agencies automatically report to CDM by Sept. 30.

The cybersecurity agency hopes to eventually achieve 85 percent automatic reporting. It will also monitor other CDM elements and expects more progress throughout the year.

Future updates will focus on agency resourcing, leadership changes and tooling changes, Federal News Network reported.

Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a June 22 Cybersecurity Advisory Committee meeting that CDM will continuously provide real-time visibility into assets, vulnerabilities and misconfigurations across every federal civilian network.

The CDM Program was established in 2012 to provide risk-based cybersecurity solutions to protect agencies’ critical networks and systems. According to CISA, CDM capabilities are divided into five key program areas: cybersecurity dashboard, asset management, identity and access management, network security management and data protection management.