The Cybersecurity and Infrastructure Security Agency (CISA) is chalking up two significant milestone victories in its ongoing campaign to help Federal agencies put into action recent cybersecurity improvement mandates.
Richard Grabowski, acting program manager of CISA’s Continuous Diagnostics and Mitigation (CDM) program, said today that the two developments this month will help ease the burden on Federal agencies to complete requirements laid out in President Biden’s cybersecurity executive order (EO) and the agency’s Binding Operational Directive (BOD) 22-01.
The first: agencies will no longer have to manually report datasets in response to CISA’s BOD 22-01. CISA issued the BOD in November 2021 to establish a CISA-managed catalog of known exploited vulnerabilities and force agencies to remediate them.
After about a year of tasking agencies with manual reporting requirements, CISA is now automating the entire process, Grabowski said during a Federal News Network webinar.
“For the first time ever, we will be using CDM investments and the data that are in the architecture to automate those reporting when the clock ticks over to October,” he said.
“So, no longer will we be requiring agencies who have data in the platforms to report via spreadsheets manually,” he added. “We will have our operators looking at automated data first as a preference to responding to those BOD data calls. And that’s delivering on a long-standing promise that the program has had for almost 10 years. So I’m very excited about that.”
The second achievement, Grabowski said, is that CISA now has “persistent access to agency EDR tools.” This effort – long one of the key goals of the CDM program – relates back to the EO, which put significant new requirements on Federal agencies to deploy endpoint detection and response (EDR) technologies on their networks. CISA expects to be done with most of its end of the EDR work by fiscal year 2023.
Grabowski said that whether people have been tracking the EDR initiative through the cyber EO or through M-22-01, “you’ll see a language in there that talks about CISA having persistent access to agency EDR tools.”
“The beginning of this month [was the] first time we’ve been able to do that. Our threat hunting teams now have persistent access to agency tools. They can do collaborative threat hunting with them,” Grabowski said. “This is incredibly important because it changes the paradigm for CISA – before of us being a reactionary agency – for us being now a proactive agency and helping agencies identify risks in near real-time and kind of changing the game to a collaborative operations type of setup.”
“One of the things I hope the agencies appreciate is that everybody really likes a second set of eyes,” he continued. “We’re not there to take day-to-day operations over – we’re really there looking for specific things, double checking things, helping you identify things you may have missed if that’s the case. And so I’m really excited about kind of where CISA is going to really provide a lot more value to our agency customers on initiatives such as this.”