Earlier this month, President Biden signed a cybersecurity-focused executive order designed to put federal agencies on a path toward securing their networks and data. The executive order also aims to increase information sharing between the public and private sectors, and give government organizations more tools to protect their networks and better enable asset management.
A critical component of the executive order is that agency leadership begin developing plans to implement Zero Trust architecture within their organizations. One of the foundational elements of an effective Zero Trust architecture involves knowing what’s accessing the network and what it’s doing while accessing the network – which is still a challenge for some agencies.
However, this is something that the Continuous Diagnostics and Mitigation (CDM) Program is designed to help agencies overcome.
To learn more about the CDM Program and how it helps strengthen government networks, we sat down with Jake Munroe, a product marketing manager and cybersecurity expert at Axonius. During our discussion, Munroe gave us an overview of the CDM Program, highlighted some of its critical components, and took a detailed look at asset management — an essential part of CDM and larger cybersecurity initiatives.
Here’s what he had to say:
GovCyberHub (GCH): What is the CDM Program?
Jake Munroe: CDM is a program from the Cybersecurity and Infrastructure Security Agency (CISA). Its mission is to safeguard, secure, and strengthen the cybersecurity of federal networks by improving the security posture of federal civilian agencies. It aims to deliver relevant, timely, and actionable information for security teams.
At a basic level, CDM seeks to help agencies answer four questions. What’s on the network? Who’s on the network? What’s happening on the network? And, how’s the data protected? The fifth component of CDM is reporting from each of the different areas into an agency dashboard, then aggregating data from across agencies into a single dashboard at CISA.
CDM also provides a way for federal agencies to procure the tools needed to answer the questions through the CDM approved product list that aligns with those five CDM areas.
The IT landscape in the federal government has become increasingly complex. This has been fueled by cloud adoption, SaaS application adoption, and the rising number of remote or hybrid workers. It has also made it more difficult for cybersecurity teams to secure federal networks.
While the CDM Program has been around since 2012, it’s more relevant now than ever as the pandemic has forced many into remote work, driving many agencies to revisit their BYOD and application access protocols.
GovCyberHub (GCH): One of the CDM Program areas is asset management. Can you define asset management for our readers? What different types of assets is CISA referencing when they talk about asset management?
Munroe: Asset management is foundational to CDM compliance. It means having an understanding of the assets – hardware devices, software, cloud infrastructure – on the agency networks. It also entails ensuring devices and software are configured properly and tracking known vulnerabilities.
GovCyberHub (GCH): Why is asset management so essential to the cybersecurity stature of government agencies? What challenges can they face if they lack visibility and control of the assets on their network?
Munroe: As IT complexity increases, asset management has become a more difficult task. Long gone are the days of counting desktop machines connected to a wired network in a secure facility.
There’s a tweet from cybersecurity expert Jim Schwar that we often show federal security leaders when we meet with them. It does an incredible job of illustrating just how little transparency IT and security professionals have into their networks, and how different stakeholders may have vastly different estimates as to how many endpoints or users are on their networks.
CISO: How many windows hosts do we have?
AV Guy: 7864
Desktop Management: 6321
EDR Team: 6722
CMDB Team: 4848
SIEM Team: 9342
— Jim Schwar (@jimiDFIR) February 8, 2018
While many agencies work tirelessly to generate asset inventories, this effort is manually intensive, and the resulting inventory is quickly outdated.
GovCyberHub (GCH): What are cybersecurity asset management platforms? What functionality and capabilities do they deliver?
Munroe: Cybersecurity asset management goes beyond traditional IT asset management. By connecting to existing security tools and IT management solutions, it correlates asset information from many sources to generate a comprehensive, always up-to-date asset inventory. It also creates a master record for each device and user, enabling security teams to discover and mitigate security gaps.
Because it employs data from multiple sources, security teams can use cybersecurity asset management to verify that software tools are deployed everywhere they should be. They can also be alerted when an asset falls out of compliance.
Cybersecurity asset management gives agencies a real-time platform or dashboard that unifies data from existing tools.
With these solutions in place, cybersecurity professionals can unify all assets – including cloud assets and unmanaged IoT devices – into a single pane of glass without needing to scan networks or install agents. They can report and track security coverage and compliance for all assets. They can ensure agency and organization users are enrolled in access management, MFA, and other security platforms.
GovCyberHub (GCH): How can a cybersecurity asset management platform help agencies increase network security? What role can they play in the CDM Program?
Munroe: Cybersecurity asset management tools increase network security by improving visibility into assets and users accessing agency networks. They enable users to find security gaps and take action to resolve them.
Using a cybersecurity asset management platform helps teams obtain and continually update an accurate inventory of all IT resources. It helps them discover security gaps related to the asset’s presence or configuration. And it gives them the ability to enforce security requirements to rapidly address identified gaps.
Excitingly, the CDM Program is helping agencies identify and acquire the tools needed to securely manage their assets – endpoint agents, cloud and network tools, vulnerability scanners, mobile security, and more.
Cybersecurity asset management can bring the data from those tools together, correlate it, and give agencies actionable insights to improve their security posture. It also helps serve as part of the collection system to feed data into the agency and federal dashboards as part of the CDM Program.
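The correlation described in the interview, and the reason the counts in the quoted tweet disagree, sketched as an added example that is not from the interview or from any vendor's product: records from three constructed tool exports are merged on normalized MAC address or short hostname, and assets a required tool never reported are listed. The tool names, hosts, MACs and the matching rule are assumptions for illustration.

```python
# Constructed sample exports; tool names, hosts and MACs are illustrative.
SOURCES = {
    "av":   [{"host": "WS-001.agency.example", "mac": "00:1A:2B:00:00:01"},
             {"host": "ws-002", "mac": "00-1a-2b-00-00-02"}],
    "edr":  [{"host": "ws-001", "mac": "001a.2b00.0001"},
             {"host": "WS-003", "mac": "00:1A:2B:00:00:03"}],
    "cmdb": [{"host": "ws-002.agency.example", "mac": None},
             {"host": "ws-004", "mac": "00:1A:2B:00:00:04"}],
}

def norm_mac(mac):
    """Strip separators so colon, dash and dotted MAC formats compare equal."""
    return "".join(c for c in (mac or "").lower() if c in "0123456789abcdef")

def norm_host(host):
    """Compare on the lowercase short name, dropping any DNS suffix."""
    return host.lower().split(".")[0]

def correlate(sources):
    """Merge records that share a MAC or short hostname into master records."""
    assets, index = [], {}  # index maps an identifier to its master record
    for tool, records in sources.items():
        for rec in records:
            keys = {"host:" + norm_host(rec["host"])}
            if norm_mac(rec.get("mac")):
                keys.add("mac:" + norm_mac(rec["mac"]))
            matches = [index[k] for k in sorted(keys) if k in index]
            asset = matches[0] if matches else {"keys": set(), "seen_by": set()}
            for other in matches[1:]:
                if other is not asset:  # two records turn out to be one device
                    asset["keys"] |= other["keys"]
                    asset["seen_by"] |= other["seen_by"]
            assets = [a for a in assets if all(a is not m for m in matches)]
            assets.append(asset)
            asset["keys"] |= keys
            asset["seen_by"].add(tool)
            for k in asset["keys"]:
                index[k] = asset
    return assets

def coverage_gaps(assets, required):
    """Short hostnames of assets the required tool has never reported."""
    return sorted(k[5:] for a in assets if required not in a["seen_by"]
                  for k in a["keys"] if k.startswith("host:"))

if __name__ == "__main__":
    merged = correlate(SOURCES)
    print({t: len(r) for t, r in SOURCES.items()}, "unique:", len(merged))
    print("missing EDR:", coverage_gaps(merged, "edr"))
```

Each tool reports two hosts, yet the merged inventory holds four devices, which is the same effect as the differing team counts in the tweet.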