The Continuous Diagnostics and Mitigation (CDM) program is currently piloting the CDM Aware algorithm at different agencies, but it is uncertain whether a full implementation will be ready by October, though a soft rollout may still be in play, said Jeanette Manfra, assistant director for Cybersecurity at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
At the GovEdge 2019 event today, Manfra told reporters that the agency is tweaking the methodology so that agency leaders can use it more intuitively to prioritize.
“I don’t know if it’ll be fully implemented in October,” Manfra said, adding, “My biggest concern is that anytime you start assigning number scores to something, it really quickly turns into ‘well, this agency appears to be doing better than this agency, why are you doing this over here?’”
The assistant director said that she wants to make sure that the tool is ultimately useful for risk management and that she wants to start getting more agencies involved going forward. The CDM program has already received some feedback from the agencies currently piloting the program, but Manfra declined to say which or how many agencies were participating.