From: Technically Speaking
2. The Expansion of Continuous Monitoring
Another positive action that OPM has taken is to work with the Department of Homeland Security (DHS) to implement the Continuous Diagnostics and Mitigation program (CDM) by March 2016 on both its own systems and, where possible, those of contractors.
Information security training organization SANS claims that many of the basic security practices that weren’t implemented at OPM, including patching vulnerabilities, restricting privileged user accounts, checking logs for attack indicators, and so on, should have been routine procedures that CDM would have detected and mitigated. “The DHS Continuing Diagnostics and Mitigation program was funded back in 2012 to address almost all of these issues but has largely disappeared into the government procurement Bermuda triangle. “
Leave a Reply