What is DHS CDM program and how its works

Continuous Diagnostics and Mitigation is a program which Department of Homeland Security (DHS) established to implementation approach consistent with the Information System Continuous Monitoring (ISCM) methodology.
CDM Mission
The Continuous Diagnostics and Mitigation (CDM) program provides tools and services that enable Federal and other government IT networks to strengthen the security posture of their cyber networks.
How CDM Works
The CDM Program enables government entities to expand their continuous monitoring capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts.
This approach lowers the operational risk of information security systems and .gov networks.

• Agency-installed sensors perform an automated search for known cyber flaws.
• Results are fed into Agency-level dashboards that produce customized reports, alerting government IT managers of their worst and most critical cyber risks, based on standardized and weighted risk scores.
• Prioritized results enable agencies to efficiently allocate resources, based on the severity of the risk.
• Progress is tracked and results can be shared within agencies. Summary information will feed into a central Federal-level dashboard, managed by the Department of Homeland Security (DHS), to inform and prioritize cyber risk assessments across the government.

About the Program
In 2012, the Office of Management and Budget identified continuous monitoring of Federal IT networks as one of 14 Cross-Agency Priority (CAP) goals, established in accordance with the Government Performance and Results Modernization Act.
To support Federal Departments and Agencies in meeting the CAP goal, DHS established the CDM program, an implementation approach consistent with the Information System Continuous Monitoring (ISCM) methodology.
Through its authority, DHS will ensure that CDM is consistently implemented, meets critical requirements for effectiveness, and leverages centralized acquisitions in the form of strategic sourcing.
The CDM program is housed within the DHS National Protection and Programs Directorate, Office of Cybersecurity and Communications (CS&C). The CDM program management office resides in CS&C’s Federal Network Resilience division.