The Office of Management and Budget (OMB) said in its FY2022 FISMA Report that the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program counted 48 Federal agencies that were making notable progress on deployments of endpoint and detection response (EDR) technologies by the end of fiscal year 2022 that ended last Sept. 30.
The annual FISMA report is required by the Federal Information Security Modernization Act (FISMA), and the report’s data comes mainly from information reported to OMB and the Department of Homeland Security (DHS) by Federal agencies as part of their own FISMA reporting obligations. The current report talks about progress up through the end of FY2022, but not in the seven-plus months since then.
On the CDM front, OMB reported that CISA began buying EDR tools for a total of 50 Federal agencies with American Rescue Plan Act (ARPA) funding, including tools for ten of the 24 CFO Act agencies, and also for 40 smaller Federal agencies.
By the end of FY2022, OBM said, there were “48 agencies that either use EDR solutions deployed by CISA or have self-attested to achieving greater than 80 percent coverage of known endpoints.”
OMB also ticked off a list of other accomplishments where “the CDM program made significant progress in making available and deploying enterprise EDR and mobile security solutions in support of EO 14028.” Those include:
“• Achieving active deployment with 12 CFO Act agencies and over 20 non-CFO Act agencies, several of which have met the necessary criteria for EDR to be considered fully deployed there;
- Offering CISA support to all Federal agencies and meeting the needs of all agencies that have expressed a need;
- Initiating the first phase of Host Level Visibility (HLV) rollouts;
- Completing Enterprise Mobility Management (EMM) integration at one CFO Act agency;
- Achieving development or deployment status with 6 additional CFO Act agencies; and
- Completing EMM designs for non-CFO Act agencies, with deployments that began in September 2022.”
In addition, OMB said that the CDM program has “supported identity management deployments at 11 CFO Act agencies and 2 non-CFO Act agencies and modernized the CDM Dashboard capability to support visibility improvements under our Memorandum of Agreement 2.0.”
Looking ahead, OMB said the CDM program in FY2023 “will work with agencies to continue EDR deployments and begin rollout of Mobile Threat Defense (MTD).”