The Small Business Administration (SBA) is working with the Department of Homeland Security (DHS) to run a pilot program to fulfill Continuous Diagnostics and Mitigation (CDM) requirements in the cloud with an innovative approach to meet CDM’s goals.
“We adopted the model that we were going to implement CDM in the cloud, and I think we are the first agency to implement CDM in the cloud,” said Sanjay Gupta, CTO at SBA, during FCW’s Big Issues CDM Conference on Wednesday. “We at the SBA are trying to work with DHS to help to move the needle and try and see how the CDM program can be aligned with the cloud.”
Gupta laid out the agency’s plans to meet the spirit of CDM’s requirements, if not following every letter of the law.
“Our vision for protecting the SBA assets is very simple, but yet very powerful. We’re looking at a single set of tools that are in the cloud, and we have visibility across all IT assets in the Small Business Administration, whether those assets sit in the cloud or on-prem,” he said. “In doing so, we realized that we could not only meet the intent of the CDM, but also some of the things like the TIC [Trusted Internet Connections].”
Gupta expressed his confidence in the SBA’s solution and its ability to protect data as required by CDM.
“We believe we have basically accomplished all four phases of CDM,” he said, pointing to the visibility within SBA’s assets. “The last part is about feeding to the Federal dashboard,” he noted, but described SBA’s plan to share information with DHS and allow them full visibility as well.
For anyone interested in a deep dive, SBA is happy to accommodate.
“I’ve had probably 600 to 700 folks representing 30 different agencies come and visit us. We do a two-hour session, and show exactly what we’re doing. We spend three slides on the discussion, and the rest of the two hours is spent in actually showing what capabilities we have. And this is a live show, what I mean by that is that it’s not a demo, it’s not a pristine environment, it’s the tools we have implemented in production, and we show it as they are,” said Gupta, inviting those interested to see for themselves how SBA is working to transform CDM.