“The federal government’s continuous diagnostics and monitoring (CDM) program is being implemented across 33 different federal agencies, each with their own missions, capabilities and approaches. With all the roadblocks presented with tools, funding and networking integration, agency leaders are discussing lessons learned for paving the way forward…”
“’It’s very easy to go off on the CDM ‘path’ unilaterally,’ said Gary Stevens, deputy CIO and director of cyber strategy for the Department of Veterans Affairs. ‘It has to be part of a holistic front.’ Stevens said one of his initiatives at VA is to ensure that CDM fits into the larger cybersecurity architecture of the agency.”
“Stevens also recommended thinking about the CDM framework as ‘guideposts’ for the desired capabilities, thinking above all about how it ties into each agency’s initiatives and goals.”
“’Security is all about enabling the mission,’ he said. ‘For us, it’s crucial that we do that as we move out on the integrated health record, the digital transformation [and] the modernization efforts…’”
“The CDM-approved products list now includes over 245,000 approved tools for agencies to use, giving them the freedom to find a solution that delivers the desired outcome, but does not negatively affect the mission…” Read the full article here.
Source: Why Agencies Should Focus on CDM Outcomes, Not Tools – By James Mersol, October 18, 2019. GovernmentCIO.