Following a review of the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, the Government Accountability Office (GAO) found in a Wednesday report that, while the program has met two of its goals, it lacks sufficient guidance for managing network security and data protection. The program generally supports government-wide cybersecurity initiatives, but DHS’s Cybersecurity and Infrastructure Security Agency (CISA) hasn’t finalized all plans for how the CDM program can provide support.
For example, GAO noted that CISA hasn’t fully updated the program’s cloud asset management guidance.
Based on its findings, GAO is recommending that DHS and CISA issue guidance on implementing network security and data protection capabilities, address data quality concerns, deploy an endpoint solution, and update guidance on cloud asset management. DHS, speaking on behalf of CISA, agreed with the recommendations.
DHS set up the CDM program in 2012 to strengthen the cybersecurity of government networks and systems. Its goals were to reduce exposure to insecure configurations or known vulnerabilities; improve…