In the News

FCW - FedRAMP and CDM offer a unified path to security in the cloud

Posted February 12, 2016

Now is the time for agencies to begin viewing FedRAMP and CDM in tandem and thinking about how they can work in concert. By considering their linkage, agencies can chart a path that unites the dual demands of improving their security while also embracing the cloud.

FedScoop - Accepting Information Risk: Knowing How Much is Too Much

Posted November 4, 2015

Because of disfavor with the burdens of System Security Authorization (SSA) and in light of recent and numerous compromises of sensitive data in attacks on federal information systems, it is worth reconsidering how agency officials can best employ SSA to prevent data breaches similar to those we have recently witnessed. Here are five recommendations to improve how federal agencies authorize their IT systems as secure.

GCN - What can your agency learn from the CDM rollout at DHS?

Posted June 19, 2015

As a former chief information security officer at two federal civilian agencies, I can't overstate the value of benefiting from another agency's trials, lessons learned, and successes when anticipating and preparing for your own endeavor. The CDM integration across 11 DHS organizational units will deliver a great deal of insight for other agencies, helping them avoid hazards as well as optimize technical implementation and project management to reduce information security risk. 

Let's consider how your agency might benefit.

GCN - CDM Phase 2: How to avoid déjà vu all over again

Posted February 3, 2015

Soon it will be déjà vu all over again, as Phase 2 also requires an assessment process. This time, the assessment will be for a set of requirements that include management of network access controls, people granted access, security-related behavior, credentials and authentication. Considering that Phase 2 builds on Phase 1, it’s vital the process be done right, and that agencies revisit their Phase 1 assessment strategy before they tackle it again.

To help agencies ensure their Phase 2 needs are thoroughly and accurately identified, here are four key recommendations.

Federal Times - 5 Ways to Make CDM Rollout More Effective

Posted August 12, 2014

Today we review the information agencies should be prepared to share in technical libraries/reading rooms with the pending release of Task Order 2 request for quotes (RFQ).

GSA plans to issue an RFQ for each buying group over the next nine to twelve months. However, agencies can do several things before that to ensure the optimal solutions for their needs are procured as quickly and effectively as possible.

Federal Times - On CDM, Avoid a 'Right Train, Wrong Track' Problem

Posted July 9, 2014

If you haven't carefully evaluated your current continuous monitoring capability, its level of maturity, and how to configure what you own for CDM, you run the risk of going the wrong way, wasting time, and getting lost.

Good planning is the key to successful deployment of CDM. A well-grounded ISCM plan can limit disruptions to normal operations, and can prevent delays in implementing tools and processes needed to mature the agency's CDM capability.

FCW - Continuous Monitoring: Closer Than You Think

Posted June 23, 2014

How will agencies use those "free" resources from DHS? Will they choose products that fill missing gaps in their CDM migration, or could they unknowingly duplicate what they already own and end up with something they didn't really need?

By taking advantage of a product they already own and their employees are already familiar with, agencies could implement continuous monitoring more quickly than they would by introducing new products into the IT environment, which might add to unnecessary tool sprawl or, worse, duplicate what they already have.

GovInfoSecurity - Deploying a Continuous Monitoring Plan

Posted March 11, 2014

If an agency doesn't know what its most sensitive and critical systems are, then it's pretty difficult to know what to monitor. They could waste a whole lot of effort and resources unnecessarily. It has to start from a risk-based awareness of your own agency in its operations.

Savings generated by continuous monitoring can be applied to other IT security measures. The costs of implementing FISMA were substantial; continuous monitoring aims to reduce those quite a lot.

GCN - Got Your Security Monitoring in Gear?

Posted February 13, 2014

"I'm sure most agencies have a documented plan in place," said Patrick Howard, formerly chief information security officer at the Nuclear Regulatory Commission and the Department of Housing and Urban Development. "But they need to look at it again in light of these new requirements."

Having the products available does not ensure a successful continuous monitoring program, Howard said. "I don't think technology is the problem. Where the program falls down with agencies is with the implementation."

Federal News Radio - Are You Ready For the Next Big Cyber Deadline?

Posted January 31, 2014

It's easy to grumble about what appears to be another paper-pushing exercise in light of so many others. But let's keep in mind, the Department of Homeland Security's CDM program is about far more than compliance: it swings the pendulum toward near real-time, proactive security, doing away with reliance on static, infrequent, paper-bound reporting that can provide false notions of security.

Rather than merely appeasing a requirement that can withstand Inspector General scrutiny, the strategy should truly function as a CDM road-map and migration path - one that takes into account the agency's security maturation and existing capabilities, and capitalizes on investment with the least amount of disruption.
