Centrify and SailPoint Technologies have tools to address the tasks outlined in Phase 2 of the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, according to representatives from the companies and DHS itself.
The CDM program, mandated by the Office of Management and Budget in 2012, provides Federal agencies with tools to identify and address cyber threats. CDM is split into three phases. Priorities in Phase 2 include access control management (TRUST), security-related behavior management (BEHV), credentials and authentication management (CRED), and privileges (PRIV). In a partnership with the General Services Administration (GSA), DHS is acquiring companies on behalf of CDM participants.
“Strong authentication in CRED management is really the measure of success,” said Ross Foard, CDM Phase 2 engineer in DHS’s Office of Cybersecurity and Communications (CS&C).
Two of the companies DHS is working with are Centrify and SailPoint. Centrify offers account authorization controls for Unix, Linux, and Windows servers. David McNeely, vice president of product strategy for Centrify, said the company issues role assignments to grant login rights. According to McNeely, who spoke at the Institute for Critical Infrastructure Technology (ICIT) panel discussion on Jan. 11, users can access applications and do certain tasks without having access to all apps.
SailPoint is another company with products specifically geared toward Phase 2 of the CDM program. SailPoint’s IdentityIQ is an identity and access management (IAM) tool that provides instant visibility into which employees have access to which information. Frank Briguglio, an engineer at SailPoint, said that IdentityIQ uses a common data model and is useful for meeting Federal Information Security Management Act (FISMA) requirements, such as periodic access reviews.
“You’ll really be able to have a full view into user access,” Briguglio said. “Any rogue attempts to add accounts will be flagged.”
According to Foard, several of the 26 agencies participating in CDM had been interested in establishing contract awards before the program began. He also said that agencies that are not in the program can still contact DHS for assistance.
Jim Piché, director of the General Services Administration’s Federal Systems Integration and Management Center (FEDSIM) homeland sector, serves as a point person between Federal agencies and industry representatives. FEDSIM assists agencies with acquiring IT services from private sector companies.
Piché stated that GSA and DHS took a different approach to Phase 2 of CDM, which he described as a “pilot” of U.S. Chief Information Officer Tony Scott’s IT investment fund. Instead of dividing money between agencies so they could find their own solutions, DHS and GSA issued a single contract award for one company to provide a governmentwide solution, which will be tailored to agencies based on their specific needs.
“The future of CDM rests in the hands of agencies,” Piché said. “DHS is providing the candy store. We have opportunities for agencies to fund additional capabilities. You can look forward to that in Phase 3.”