Jan 07

Shutdown hits CISA’s transition

From: FCW

By Derek B. Johnson

***

“The challenge is that you’re trying to stand up a new entity amidst a government shutdown that is paralyzing your ability to do procurements, to hire people where there are fairly significant vacancy rates in [Continuous Diagnostics and Mitigation] and Einstein already,” said Cummiskey.

The cyber policy portfolio at DHS has grown significantly since the 2013 shutdown, adding new responsibilities in election security, implementing new systems and programs like CDM and Automated Indicator Sharing. But during a lapse in appropriations, operations revert to an emergency-only stance.


Nov 29

Agencies Will Soon Have a Cyber Hygiene Score—And Will Know Where They Rank

From: Nextgov

By Aaron Boyd, Senior Editor

The AWARE score will be based on data from agencies’ continuous monitoring tools and will give the Homeland Security Department a holistic view of the government’s cybersecurity posture.

Soon, federal agencies will have a clear idea of how they are doing on basic cybersecurity and be able to compare their posture to other agencies across the government.

The Homeland Security Department’s Continuous Diagnostics and Mitigation program, or CDM, is providing agencies with a sophisticated suite of cybersecurity tools. As those tools are put in place, the associated sensors are sending data to a centralized dashboard, giving Homeland Security and agencies a holistic view of cybersecurity throughout the federal enterprise.

Oct 30

OMB to agencies: CDM success is on you

From: FCW

By Derek B. Johnson

***

In an Oct. 25 memo, Mulvaney, the director of the Office of Management and Budget, lays down the law, saying, “agencies are solely responsible for the state of their cybersecurity posture and must work closely with DHS in order to accomplish CDM program goals at the agency level.”

The memo instructs agencies that they are responsible for setting up information sharing capabilities to connect to the federal dashboard established by DHS. They are also expected to be accountable for any security problems identified. If agencies want to buy or implement continuous monitoring capabilities outside of those offered through CDM DEFEND, the latest task order contract vehicle, they must first justify the decision to the program office, OMB and the federal CIO.

Oct 29

White House Sets Deadlines for Agencies to Protect Their Digital Crown Jewels

From: Nextgov

The new guidance also requires agencies to justify buying cyber monitoring tools that aren’t vetted by Homeland Security.

By Joseph Marks, Senior Correspondent

***

The guidance also expresses White House approval for Homeland Security’s Continuous Diagnostics and Mitigation program, or CDM, which offers suites of pre-vetted cybersecurity tools to federal agencies.

In the future, agencies that want to buy continuous cyber monitoring tools that are not authorized parts of the CDM program must first send memos justifying their decisions to the Homeland Security office that manages CDM and to the federal chief information officer, the guidance states.

Sep 27

Federal Cloud Computing Strategy [Draft for Public Comment]

From: Cloud.CIO.gov

***

Trusted Internet Connections

In 2007, M-08-05 Implementation of Trusted Internet Connections (TIC) was released, with the purpose of standardizing the security of external network connections used by Federal agencies while reducing the number of those external network connections. The Trusted Internet Connections policy was established when agencies maintained the majority of their systems within their agency-owned and operated networks, and when networking was constrained by physical limitations. Since then, the technology landscape has changed dramatically with the proliferation of private-sector cloud offerings, the emergence of software-defined networks, and an increase in the mobile workforce. Improvements to security are now driven by standards and secured connections instead of limited physical connections.

Sep 06

ManTech secures $668M CDM contract

From: FedScoop


The Department of Homeland Security has awarded a $668 million contract to ManTech as part of its efforts to upgrade the Continuous Diagnostics and Mitigation cybersecurity program.

The Fairfax, Virginia, technology company secured the Group E contract of DHS’s Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) program, ManTech officials said Tuesday in a statement. The company will provide cybersecurity services to nine federal agencies.


Sep 04

CDM moves to mobile

From: GCN

By Sara Friedman

With the first two phases of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program firmly established on agency networks governmentwide, the CDM team is starting to look into how to monitor mobile devices as well.

“We want to be able to help agencies identify where incidents are, orchestrate those incidents throughout their organization and [send] the information to the [National Cybersecurity and Communications Integration Center],” CDM Program Manager Kevin Cox said at the Aug. 30 ATARC Federal Mobile Technology Summit. “We also want to add some optimization on the agency response.”

Aug 27

What is CDM and why is it so lucrative for Booz Allen and others?

From: Washington Business Journal

By  – Senior Staff Reporter, Washington Business Journal

Think of it as monitoring as a service, using software and sensors to root out and fix cyber problems in a more proactive way. It’s pumped billions of dollars in task orders to local government contractors.


Aug 22

DHS awards Booz Allen $1 billion cybersecurity contract

From: Axios

The Department of Homeland Security announced Tuesday it is awarding a $1.03 billion contract to Booz Allen Hamilton to boost cybersecurity vulnerability detection and mitigation in six federal agencies.

***

How it works: Agencies install network sensors to analyze cybersecurity gaps to help prioritize them. This can include anything from finding out which systems are un-patched to managing cloud security to access privileges to where data is flowing.


Aug 21

CDM Bill Is a Small Price for Major Cybersecurity Improvements

From: Nextgov

By Tom Gann

The legislation has the potential to correct many of the shortcomings of the Continuous Diagnostics and Mitigation program’s initial implementation.

Cyberattacks on federal infrastructure continue to be one of the greatest threats to U.S. national security, jeopardizing the integrity of our nation’s data and proving costly for the federal government.

A 2018 report published by the White House Council of Economic Advisers estimates that cyber crime costs the U.S. economy between $57 billion and $109 billion per year, or 0.3 and 0.6 percent of the value of all the U.S. goods and services. Among bills that address cybersecurity, a bill to advance the federal government’s Continuous Diagnostics and Mitigation program stands out as a good bet.
