The Department of Homeland Security's (DHS's) Continuous Diagnostics and Mitigation (CDM) program has proposed three phases to be considered for incorporation into future Information Security Continuous Monitoring (ISCM) phases. The first phase has been conceptually adopted as ISCM Phase 1, and the DHS CDM program is conducting further research to validate and define the subsequent two phases. The DHS CDM phases include:
Consistent with the ISCM Concept of Operations (CONOPS), the CDM program covers 15 continuous monitoring capabilities:
- Hardware inventory management;
- Software inventory management;
- Configuration setting management;
- Vulnerability management;
- Network/physical access control management;
- Trust-in-people granted access (access control management);
- Security-related behavior management;
- Quality management;
- Credentials and authentication management;
- Privilege management;
- Prepare for incidents and contingencies;
- Respond to incidents and contingencies;
- Requirements, policy, and planning;
- Operational security; and
- Generic audit/monitoring.
Capabilities are established at every level of the network, not just the periphery, which gives agencies the ability to see how effective their systems are.
The first phase of CDM focuses on four functional capabilities: hardware asset management, software asset management, configuration management, and vulnerability management, which are baseline capabilities to protect data. DHS is working with the federal CIO Council’s Information Security and Identity Management Committee (ISIMC) to identify terms of implementation for the remaining capabilities.