Efforts to advance mobile and cloud services discovery on Federal networks are among the top priorities of the Continuous Diagnostics and Mitigation (CDM) program in FY2020, said CDM Program Manager Kevin Cox this week.
Speaking at MeriTalk’s CDM Central event on October 10, Cox identified mobile and cloud discovery as just two among a lengthy list of program priorities for the fiscal year that began earlier this month.
Other priorities include undertaking further cloud security and high-value asset (HVA) pilots. In the latter area, Cox said last month that his office was looking to explore the possibility of having at least one HVA pilot in each DEFEND task order group.
Also on the FY2020 list is helping agencies to fill deployment gaps for the first two CDM capabilities – asset management and identity management.
The FY2020 work-list also includes establishing a Federal baseline for AWARE (Agency-Wide Adaptive Risk Enumeration) algorithm scores for agencies that are already reporting AWARE scores via CDM, and providing guidance to agencies on how to boost their AWARE scores, including through software patching and aligning with other FISMA (Federal Information Security Management Act) categories.
The CDM Program Office will also work to “address challenges” with agencies that are not yet reporting AWARE scores, Cox said.
AWARE scores, he said, will not be publicly reported – partly out of concerns about how adversaries might be able to use them – but will be reported to Federal leadership.
Cox said he viewed FY2020 “as a readiness year” to work with Federal agencies “to get familiar with your score, get them in the Federal AWARE score average.” He continued, “We’ll continue to mature this and get it down to the business system level.”
Cox also talked about his office’s continued progress in signing up smaller Federal agencies to the CDM shared services platform, saying that 29 agencies were “operational” with the platform, another eight were “in deployment,” and a further 17 were working on memorandums of agreement.
He said the success of the platform was a “huge win for the Federal government to get near real-time visibility of the non-CFO Act agencies because it’s never been there before. We’re really proud of the efforts that we have underway.”
Cox added that the CDM office was continuing to work with the General Services Administration “to get the new task order request out on the street for the shared service platform for the non-CFO Act agencies.” The timing for that, he said, is “imminent,” adding, “we’re working through some final reviews there.”
Speaking broadly about the program’s aims, Cox said, “The adversary is continually looking to get in on our federal networks, continually looking to get to our data, continually looking to disrupt our networks … We really want to be able to help the agencies get in front of the attacks, we want to help them protect data wherever it is located. That is continuing to be the focus for the program.”