The Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) is a critical component of the government’s cybersecurity posture. Government agencies and organizations need to both understand and align with the CDM requirements.
The overarching goal for the CDM DHS is to strengthen cybersecurity practices and posture for government networks and data by focusing on key questions in each CDM phase.
Phase 1: WHAT IS ON THE NETWORK?
Phase 2: WHO IS ON THE NETWORK?
Phase 3: WHAT IS HAPPENING ON THE NETWORK?
Phase 4: HOW IS DATA PROTECTED?
As noted by homeland security, The CDM approach is consistent with guidance from the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST) and helps meet federal reporting requirements, including many FISMA mandates.
WHAT IS ON THE NETWORK
In Phase 1, cybersecurity professionals must identify what is on the network, which includes the management and control of devices (HWAM), software (SWAM), security configuration settings (CSM) and software vulnerabilities (VUL).
Hardware Assessment Management (HWAM) makes sure devices are identified, authorized, and managed. As pointed out by CISA, HWAM helps reduce the exploitable attack surface by providing information about unauthorized devices that can be removed or authorized and ensuring they are assigned to a person or team for system administration. File integrity monitoring can help with unauthorized and unmanaged devices, specifically those that are more likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.
Assets are defined as
- A hardware asset that has an IP address and connected to an organization's network(s). This includes networking devices, workstations, and input/output devices, both physically and virtually.
- USB devices/other removable devices connected to hardware with an IP address. These devices can become the gateway for malware These devices become a vector to spread malware across additional devices.
Software Asset Management (SWAM) ensures that installed software is present. Additionally, SWAM
- Provides visibility to discover/identify software
- Reviews software for unsafe configurations and out-of-date patches
- Detects and prevents unauthorized software from network deployment
File integrity monitoring can assist with both HWAM and SWAM requirements, as discovery and management of both hardware and software installations/changes are not only large cybersecurity risks if not monitored, but are easily monitored throughout the evolving federal enterprise network.
WHAT IS HAPPENING ON THE NETWORK
In Phase 3, understanding what is actually happening on the network will have a tremendous effect on security-related information available to agencies, and is broken into four capabilities:
- BOUND Boundary Protection
- MNGEVT Manage Events
- DBS Design and Build-in Security
- OMI Operate, Monitor, Improve
The MNGEVT capability identifies security threat vectors, or security violations/events. This capability utilizes an incident management system to report and share events with OMI, which relates to system and information integrity. These systems are complimentary to one another, and aimed at strengthening security posture.
A FIM tool can detect and log unexpected changes to servers, network devices, and facilitate incident management for the MNGEVT requirement.
OMI focuses on the root-cause analysis, and prioritization of security mitigation response and recovery. An advanced file and system information integrity monitoring software should provide insight, actionable information, and recovery capabilities.
CDM SECURITY OBJECTIVES
Though many organizations must implement CDM, the task does not have to be daunting. Categorizing security objectives can help organizations as they begin CDM compliance. The top 5 security objectives for CDM compliance include:
To understand how to manage what is on the network begins with the discovery of what is on the network. A file and system integrity monitoring software can help aid in Phase 3 CDM compliance efforts.
To learn more about how CimTrak can help with CDM compliance, download the CDM solution brief today.
February 21, 2019