How to Address Continuous Diagnostics and Mitigation (CDM) Program Requirements

CDM Program

There’s an endless cycle to monitoring and protecting your IT environment. It’s no longer good enough to check systems at a designated time, update patches, and then carry on. Today’s threat actors are motivated, seemingly working 24/7 to find and exploit vulnerabilities and to make a public example of agencies that aren’t on their toes.

To address these threats, the U.S. Federal government has taken several steps to shore up its cybersecurity policies and processes. The Continuous Diagnostics and Mitigation (CDM) Program enables the Department of Homeland Security (DHS), along with Federal Agencies, state, local, regional, and tribal governments, to enhance and further automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the Agency and Federal enterprise level.

Phase 1, which went into effect in 2013, focused on endpoint integrity. Phase 2, which took effect in 2014, focuses on least privilege and infrastructure integrity. The four main categories or steps in Phase 2 are:

Access control management
Security-related behavior management
Credentials and authentication management
Privileges

CDM PHASE	BEYONDTRUST SOLUTION
Phase 1 – Endpoint Integrity
HWAM – Hardware Asset Management SWAM – Software Asset Management CSM – Configuration Settings Management VUL – Vulnerability Management	Retina CS Enterprise Vulnerability Management
Phase 2 – Least Privilege and Infrastructure Integrity
TRUST – Access Control Management (Trust in People Granted Access)	PowerBroker Privileged Access Management Retina CS Enterprise Vulnerability Management
BEHV – Security-Related Behavior Management	BeyondInsight Clarity
CRED – Credentials and Authentication Management	PowerBroker Password Safe
PRIV – Privileges	PowerBroker for Windows PowerBroker for Mac PowerBroker for Unix & Linux

To help you address your CDM Phase 2 requirements, we’ve created a summary of the functional areas and how BeyondTrust solutions can help.

(TRUST) Access Control Management (Trust in People Granted Access)

The Manage Trust in People Granted Access capability informs the Manage Account Access capability by providing background information and potential risk, or compromise, factors. These factors are used to determine if someone should be granted access.

BeyondTrust solutions can integrate with identity and access management solutions to provide a powerful best-of-breed solution that will:

Increase visibility into user, application and asset interaction with behavioral analytics to track potential malicious activity from insider and external threats

Enhance efficiency around regulatory compliance reporting by providing insight into identity activities and account utilization

Provide visibility into provisioning applications to minimize risk and potential breaches

(BEHV) Security-Related Behavior Management

The security-related behavior management functional area addresses the behavior of someone who has been granted access to IT devices and systems. Information from this capability feeds into the Manage Trust in People Granted Access capability where determinations will be made about someone’s suitability for continued access based, in part, on their behavior.

BeyondInsight Clarity enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions. A standard capability of the BeyondInsight IT Risk Management Console, Clarity pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions.

(CRED) Credentials and Authentication Management

The MCA capability ensures that account credentials are assigned to, and used by, authorized people.

PowerBroker Password Safe automates password and privileged session management, providing secure access control, auditing, alerting, and recording for any privileged account. By improving the accountability and control over privileged access, IT organizations can reduce security risks and achieve compliance objectives.

(PRIV) Privileges

Prevent access beyond what is needed to meet business mission by limiting account access and eliminating unneeded accounts to prevent attackers from gaining unauthorized access to sensitive data.

PowerBroker for Windows, PowerBroker for Mac and PowerBroker for Unix & Linux reduce the risk of privilege misuse on physical and virtual Microsoft Windows desktops and servers, Mac desktops, and Unix and Linux servers. By eliminating administrator privileges, delegating access, simplifying the enforcement of least privilege policies, maintaining application access control, and logging privileged activities, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster.

For more information on the CDM program requirements and how BeyondTrust solutions address the categories, please download our white paper ‘Addressing Continuous Diagnostics and Mitigation Program Requirements’. Or, contact us today to schedule a strategy session.