DHS/CISA/PIA-030 Continuous Diagnostics and Mitigation (CDM)

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division (CSD) developed the Continuous Diagnostics and Mitigation (CDM) program to support government-wide and agency-specific efforts to implement adequate, risk-based, and cost-effective cybersecurity. CDM provides continuous monitoring, diagnostics, and mitigation tools and services to strengthen the security posture of participating federal civilian departments and agencies’ systems and networks through the establishment of a suite of capabilities that enables network security officials and administrators to know the state of their respective networks at any given time, informs Chief Information Officers (CIO) and Chief Information Security Officers (CISO) on the relative risks of threats, and makes it possible for government personnel to identify and mitigate vulnerabilities. This PIA Update is being conducted to assess the privacy risks related to the CDM Shared Service Platform, which makes CDM capabilities available for use by non-Chief Financial Officer (CFO) Act agencies. The Shared Service Platform is provided to non-CFO Act agencies using a third-party contractor to CISA that connects the agency’s network(s) to the platform. Additionally, this PIA Update examines the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) capability. The CDM AWARE capability allows participating agencies to better assess and prioritize cybersecurity risks by assigning a risk score to agency vulnerabilities. December 2019

Associated SORN(s):

• DHS/ALL-004 General Information Technology Access Account Records System (GITAARS)
• SORN coverage is provided by the department or agency that subscribes to CDM as a service, if needed