CISA Improving CDM Program With Access Management Capabilities

The Cybersecurity and Infrastructure Security Agency is working to integrate access management capabilities into its Continuous Diagnostics and Mitigation program to further strengthen the cyber defenses of federal agencies.

CDM is currently focused on mitigating vulnerabilities and cyber incidents in federal systems, including the recent exploitation of a structured query language injection vulnerability in Progress Software’s MOVEit Transfer online applications.

At an AFCEA-hosted event, Foss Foard, a senior engineer for CISA’s cybersecurity division, said his team is identifying types of credentials the CDM program can manage in cloud environments. Expanding CDM’s capabilities can enhance security by preventing unauthorized access and ensuring secure authentication, Nextgov/FCW reported.

According to Foard, implementing the planned CDM improvement will ensure agencies comply with the Federal Information Security Modernization Act and other federal information security requirements.

CISA previously made efforts to enhance the program, including launching the CDM Agency Dashboard, which provides cyber risk information and an object-level view of an agency’s cybersecurity posture for enhanced incident response, and the CDM Federal Dashboard designed to give CISA and the Office of Management and Budget visibility into all how participating agencies are managing cyber risks and improving cybersecurity.