Ross Foard, Senior Engineer in the Continuous Diagnostics and Mitigation (CDM) Program Office at the Cybersecurity and Infrastructure Security Agency (CISA), said on Dec. 4 that many Federal agencies are completing work on the second of four phases of the CDM program.
Speaking at an event organized by SailPoint and focused on identity, credential, and access management (ICAM) technologies and implementation, Foard talked about how CDM and ICAM implementation efforts go hand in hand.
During that discussion, Foard commented, “We are in the middle of completing Phase 2 right now … Most of your agencies are completing that right now.”
The four phases, or capabilities, of the CDM program are: asset management; identity and access management; network security management; and data protection management.
Elsewhere during his remarks, Foard said he is “really happy that the industry is converging on” the zero-trust security model, calling it ideal for enterprise-level access and credential applications. He also said the zero-trust model was important for protecting high-value assets, which is an increasingly important focus of the CDM program going forward.