Continuous Diagnostics and Mitigation Program
Protecting government systems and networks continues to be a top priority for the federal government. The Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program was established in 2013 to enhance federal, state, local, regional and tribal governments’ ability to identify and mitigate the impact of emerging cyber threats. Recent changes to the procurement process have made it easier to incorporate new technologies and streamline the acquisition of tools.
DHS and the General Services Administration (GSA) have worked together to create a procurement vehicle that provides easy access to COTS tools that support the CDM mission. The CDM Tools Special Item Number (SIN) 541519CDM is a government-wide contracting solution offered through the GSA Multiple Award Schedule (MAS) contract to make these tools available at an advantageous price.
To be added to the CDM Tools SIN on the GSA MAS contract, hardware and software products and their associated services must first pass a DHS product qualification process and be added to the CDM Approved Products List (APL). The full complement of CDM subcategories includes tools, associated maintenance and other related activities such as training. The SIN is organized by CDM capability into the following subcategories, or phases: assets; users; events and boundary protection; data; and emerging tools and technology.
immixGroup offers SIN 541519CDM on its GSA MAS contracts and provides a wide variety of best-of-breed cybersecurity products and solutions. The immixGroup team’s extensive knowledge of COTS cybersecurity technologies and the government procurement process facilitate rapid delivery of the best security solutions to our government customers.
For more information, contact us: CDM@immixgroup.com
The Hardware Asset Management (HWAM) function discovers unauthorized or unmanaged hardware on a network. Once the contractor-provided tool(s) discover such hardware, the agency takes action to remove it or bring it under management. Because unauthorized hardware is unmanaged, it is likely to be vulnerable and can be used as a pivot to other assets if it is not removed or managed.
The Software Asset Management (SWAM) function discovers unauthorized or unmanaged software configuration items (SWCI) in IT assets on a network. Once the contractor-provided tool(s) discover unauthorized or unmanaged SWCI, the agency takes action to remove them. Because unauthorized software is unmanaged, it is likely to be vulnerable and can be used as a pivot to other IT assets if it is not removed or managed. In addition, a complete, accurate, and timely software inventory is essential to support awareness and effective control of software vulnerabilities and security configuration settings; malware often exploits vulnerabilities to gain unauthorized access to software and configuration settings, tampers with them, and uses them to propagate itself throughout the enterprise.
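Both HWAM and SWAM come down to the same operation: compare the actual state a discovery tool observes against the desired state the agency has authorized, and report the differences as defects. The following is an added example of that reconciliation written for this page; it is not CDM program code or any vendor's tool. The authorized inventory, the scan results, the per-role software allowlist and the field names (mac, host, role, agent) are all constructed assumptions for illustration. It also covers two practical details the paragraphs above do not spell out: MAC addresses arrive in different formats and must be canonicalized before comparison, and an authorized device that never shows up in a scan is a finding in its own right (a stale record or something hiding from discovery).

```python
"""Actual-state versus desired-state reconciliation for HWAM and SWAM.

Added example; this is not CDM program code or any vendor's tool.
Every inventory and scan result below is constructed sample data, and
the field names (mac, host, role, agent) are assumptions for illustration.
"""
import re

# Constructed desired state: hardware the agency has authorized, keyed by
# canonical MAC. 'role' selects the software allowlist that applies to the host.
AUTHORIZED_HW = {
    "00:1a:2b:3c:4d:01": {"host": "ws-001", "role": "workstation"},
    "00:1a:2b:3c:4d:02": {"host": "ws-002", "role": "workstation"},
    "00:1a:2b:3c:4d:10": {"host": "db-01", "role": "dbserver"},
}

# Constructed actual state: what a network discovery pass observed.
# 'agent' is True when the endpoint management agent answered on that host.
DISCOVERED_HW = [
    {"mac": "00-1A-2B-3C-4D-01", "ip": "10.0.0.11", "agent": True},   # same device, other MAC format
    {"mac": "00:1a:2b:3c:4d:02", "ip": "10.0.0.12", "agent": False},  # authorized but unmanaged
    {"mac": "00:1a:2b:3c:4d:99", "ip": "10.0.0.99", "agent": False},  # not in the authorized list
]

# Constructed per-role software allowlist, the SWCI every host must carry,
# and the software a host-based inventory reported for each host.
SW_ALLOWLIST = {
    "workstation": {"os-base", "office-suite", "edr-agent"},
    "dbserver": {"os-base", "postgresql", "edr-agent"},
}
SW_REQUIRED = {"edr-agent"}
INSTALLED_SW = {
    "ws-001": {"os-base", "office-suite", "edr-agent", "torrent-client"},
    "ws-002": {"os-base", "office-suite"},
    "db-01": {"os-base", "postgresql", "edr-agent"},
}


def normalize_mac(mac):
    """Canonicalize a MAC address so '00-1A-2B-3C-4D-01' and '00:1a:2b:3c:4d:01'
    compare equal. Without this the same device would be reported as a rogue."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile_hardware(authorized, discovered):
    """Return HWAM defects as sorted MAC lists:
    unauthorized - seen on the network but not in the authorized inventory
    unmanaged    - authorized, but the management agent did not respond
    not_seen     - authorized but not observed (stale record or hidden device)"""
    seen = {normalize_mac(dev["mac"]): dev for dev in discovered}
    return {
        "unauthorized": sorted(m for m in seen if m not in authorized),
        "unmanaged": sorted(m for m, d in seen.items() if m in authorized and not d["agent"]),
        "not_seen": sorted(m for m in authorized if m not in seen),
    }


def reconcile_software(authorized_hw, allowlist, required, installed):
    """Return SWAM defects per host, only for hosts that have any:
    unauthorized - installed SWCI not on the allowlist for the host's role
    missing      - required SWCI the host does not carry
    A host with no authorized record has no role, so all of its software is unauthorized."""
    role_of = {rec["host"]: rec["role"] for rec in authorized_hw.values()}
    defects = {}
    for host, software in installed.items():
        allowed = allowlist.get(role_of.get(host), set())
        unauthorized = sorted(software - allowed)
        missing = sorted(required - software)
        if unauthorized or missing:
            defects[host] = {"unauthorized": unauthorized, "missing": missing}
    return defects


if __name__ == "__main__":
    for defect, macs in reconcile_hardware(AUTHORIZED_HW, DISCOVERED_HW).items():
        print(f"HWAM {defect}: {macs}")
    for host, d in reconcile_software(AUTHORIZED_HW, SW_ALLOWLIST, SW_REQUIRED, INSTALLED_SW).items():
        print(f"SWAM {host}: {d}")
```

On the sample data the hardware pass reports the 4d:99 device as unauthorized, ws-002 as unmanaged and db-01 as not seen, and the software pass reports the torrent client on ws-001 and the missing EDR agent on ws-002. The two findings for ws-002 are the same problem seen from two functions, which is why CDM treats the inventories as one dataset rather than separate tools.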
The Configuration Management (CM) function reduces misconfiguration of IT assets, including hardware devices (physical, virtual, and operating system) and software. Once a misconfiguration is discovered by the contractor-provided tools, the supported department or agency is responsible for taking any needed action to resolve the problem or accept the risk. Over 80% of known vulnerabilities are attributed to misconfiguration and missing patches. Cyber adversaries often use automated attack tools to search for and exploit IT assets with misconfigurations, especially assets supporting federal agencies, and then pivot to attack other assets.
The Vulnerability Management (VUL) function discovers and supports remediation of vulnerabilities in IT assets on a network. Vulnerability management is the management of risks presented by known software weaknesses that are subject to exploitation. The function ensures that mistakes and deficiencies are identified; once the contractor-provided tool(s) identify them, the agency takes action to remove or remediate them from operational systems so that they can no longer be exploited. (An information security vulnerability is a deficiency in software that an attacker can use directly to gain access to a system or network.)
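The CM and VUL functions are the same desired-state comparison applied to two other kinds of actual state: a host's configuration settings checked against a baseline, and its installed software versions checked against the versions in which known weaknesses were fixed. The following added example, written for this page and not CDM program code, does both for one host. The sshd baseline, the collected sshd_config text, the package inventory and the "fixed-in" table are constructed sample data; the package names are fictional and the severities are placeholders, not real vulnerability records. The example also shows two failure modes a practitioner runs into: a directive that is commented out silently falls back to the daemon's compiled-in default (so "#PasswordAuthentication no" is still a defect), and version strings must be compared numerically, not as text, or "2.10" sorts below "2.9".

```python
"""Configuration baseline and known-weakness checks over one host's state.

Added example for the CM and VUL functions; it is not CDM program code.
The baseline, the sshd_config text, the installed package list and the
'fixed-in' table are constructed sample data; the package names are fictional
and the severities are placeholders, not real vulnerability records.
"""
import re

# Constructed desired-state baseline for sshd: keyword -> required value.
SSHD_BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "maxauthtries": "4",
}

# OpenSSH compiled-in defaults for those keywords (per sshd_config(5); confirm
# against your build). A keyword that is absent or commented out takes this value.
OPENSSH_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# Constructed actual state: sshd_config as collected from a host.
SAMPLE_SSHD_CONFIG = """\
# sshd_config collected from host db-01 (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
MaxAuthTries 6
MaxAuthTries 3
"""


def parse_sshd_config(text):
    """Return {keyword(lowercased): value} for the effective directives.
    Comment and blank lines are skipped; sshd honours the first occurrence of a
    keyword, so the later 'MaxAuthTries 3' above does not override the 6."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def check_configuration(baseline, settings, defaults):
    """Return CM defects as (keyword, expected, actual), sorted by keyword.
    An absent keyword is compared against the daemon's default, so a commented-out
    'PasswordAuthentication no' is still reported as a defect."""
    defects = []
    for key, expected in baseline.items():
        actual = settings.get(key, defaults.get(key, "<unset>"))
        if actual.lower() != expected.lower():
            defects.append((key, expected, actual))
    return sorted(defects)


# Constructed installed inventory for the same host (fictional package names).
INSTALLED = {"widgetd": "2.3.1", "acme-agent": "1.0p3", "libfoo": "1.9.2"}

# Constructed weakness table: package -> [(version that fixes it, severity 0-10)].
# A real feed would supply this; every entry here is invented for the example.
FIXED_IN = {
    "widgetd": [("2.4.0", 8.8), ("2.3.9", 4.3)],
    "acme-agent": [("1.1", 7.5)],
    "libfoo": [("1.9.2", 9.8)],   # already at the fixed version: not a finding
}


def parse_version(version):
    """Split '1.0p3' into ((1, ''), (0, 'p3')) so numeric components compare as
    numbers ('2.10' > '2.9') and a trailing suffix only breaks ties."""
    parts = []
    for token in re.split(r"[.\-]", version):
        m = re.match(r"(\d+)(.*)", token)
        parts.append((int(m.group(1)), m.group(2)) if m else (-1, token))
    return tuple(parts)


def find_vulnerable(installed, fixed_in):
    """Return VUL findings (package, installed, fixed_in, severity), highest
    severity first, for every installed version older than a fix version."""
    findings = []
    for pkg, ver in installed.items():
        for fixed, severity in fixed_in.get(pkg, []):
            if parse_version(ver) < parse_version(fixed):
                findings.append((pkg, ver, fixed, severity))
    return sorted(findings, key=lambda f: (-f[3], f[0]))


if __name__ == "__main__":
    settings = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    for key, expected, actual in check_configuration(SSHD_BASELINE, settings, OPENSSH_DEFAULTS):
        print(f"CM defect: {key} expected {expected!r}, actual {actual!r}")
    for pkg, ver, fixed, sev in find_vulnerable(INSTALLED, FIXED_IN):
        print(f"VUL finding: {pkg} {ver} < {fixed} (severity {sev})")
```

The ordering of the VUL output is the point of the function: the agency sees the highest-severity finding first, which is what "support remediation" means in practice when there are more defects than hands to fix them. The CM check deliberately reports the effective value rather than what is literally in the file, because that is what the daemon enforces.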
The Manage Network Access Controls (NAC) function prevents unauthorized network connections and access, and allows the agency to remove and limit them, so that attackers cannot exploit internal and external network boundaries and then pivot to gain deeper network access or capture network-resident data in motion or at rest. Boundaries include firewalls as well as encryption (virtual private networks). The function also prevents, removes, and limits unauthorized physical access.
The Manage Trust in People Granted Access (TRU) function prevents insider attacks by carefully screening new and existing persons granted access for evidence that the access might be abused. It informs the Manage Account Access capability (Section 2.2.1.9) by providing background information and potential risk or compromise factors, which are used to decide whether someone should be granted access under Manage Account Access to particular resources (e.g., sensitive data).
The Manage Credentials and Authentication (MCA) function prevents credentials from being bound to, or used by, anyone other than their rightful owner (person or service) through careful management of credentials, so that attackers cannot use hijacked credentials to gain unauthorized control of resources, especially administrative rights. The MCA capability ensures that account credentials are assigned to, and used by, authorized people. It relies on the results of the Manage Account Access capability (Section 2.2.1.9) to ensure that only trusted people receive credentials. This covers credentials for both physical and logical access.
The Manage Account Access (MAA) function prevents access beyond what is needed to meet the business mission by limiting account access and eliminating unneeded accounts, so that attackers cannot gain unauthorized access to sensitive data. The capability assigns access to computing resources based, in part, on the person's level of trustworthiness (as determined in Functional Area 6, Section 2.2.1.6).
The Prepare for Contingencies and Incidents (CP) function prevents loss of confidentiality, integrity, and/or availability by preparing for unanticipated events and attacks that might require recovery or special responses: adequate recovery keeps an attacker's compromise from being effective, and adequate preparation keeps natural events from causing permanent loss.
The Respond to Contingencies and Incidents (INC) function prevents repeats of previous attacks and limits the impact of ongoing attacks by using forensic analysis, audit information, and similar sources to a) respond appropriately to end ongoing attacks and b) identify ways to prevent recurrence, so that attackers cannot maintain ongoing attacks or exploit weaknesses already targeted by others.
The Design and Build in Requirements, Policy and Planning (POL) function prevents exploitation of the system by consciously designing it to minimize weaknesses and building it to meet that standard, which reduces the attack surface and increases the effort required to reach the parts of the system that remain vulnerable. The capability includes software assurance best practices to ensure that security is built into the System Development Lifecycle, and it addresses how to avoid or remove, before the system is released into production, the weaknesses and vulnerabilities caused by poor design and insecure coding practices.
The Design and Build in Quality (QAL) function prevents attackers from exploiting weaknesses by finding and prioritizing weaknesses and fixing the most important ones first. This capability addresses software before it is installed and operational.
The Manage Operation Security (OPS) function prevents attackers from exploiting preventable weaknesses by using functional and operational control limits to help senior managers determine when to authorize operation of systems and when to devote extra attention to reducing risk, and by analyzing prior failures to identify and resolve system weaknesses. This activity receives information from the Manage Audit/Information capability (Section 2.2.1.14) to support leadership decisions that improve security. It covers information about all operational capabilities and therefore does not apply to the creation of a system.