For the Cybersecurity and Infrastructure Security Agency (CISA), its Continuous Diagnostics and Mitigation (CDM) program and its Quality Service Management Office (QSMO) both serve roles for the agency to provide service excellence to Federal customers.
Associate Director of CISA’s Cybersecurity Division Matt Hartman said at MeriTalk’s CDM Central: Tales from the Frontlines digital event today that “the two programs will complement each other and they’re going to provide Federal departments and agencies access to a full suite of best-in-class cybersecurity tools and services and provide CISA visibility on the backend to provide our enterprise vulnerability management and threat hunting missions.”
Both CDM and QSMO will provide specific functions for CISA be best fulfill its mission and provide tools and services to Federal customers.
“CDM is going to remain CISA’s preferred program to deploy tools and services to departments and agencies, specifically to manage assets, manage users, manage events, and protect data,” Hartman said. “QSMO will be CISA’s preferred mechanism for setting standards and developing a marketplace of both Federal and commercial providers for departments and agencies to obtain CISA vetted and approved services.”
Aligning CDM and QSMO to work together requires a strategy that includes an integrated cyber stack of services and capabilities, a store to showcase services, and the CISA cloud.
Going forward, Hartman said CISA needs to start taking the next steps with identity and access management, begin the journey to zero trust, further pivot CDM protections to the cloud and mobile assets, and focus on data protection management.
Please visit CDM Central: Tales from the Frontlines for on-demand replays of today’s conference sessions. Then continue the conversation on July 15 at 1:30 p.m. EDT with MeriTalk’s CDM: The Next Chapter webinar that explores our recent survey of government and industry stakeholders to catalog progress and chart the path forward for the program.