Government Technology Insider

CDM Addresses “Foundational” Issues Identified by SANS

by GTI Editors
May 14, 2014
in Cybersecurity

The first phase of the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) blanket purchase agreement (BPA) is “effectively identical” to the first four items on The Critical Security Controls for Effective Cyber Security version 5.0, according to Tony Sager, Chief Technologist for the Council on CyberSecurity and former COO of the Information Assurance Directorate at the National Security Agency.

“The way we refer to those four [is] foundational,” Sager said. “By itself, hardware and software asset management … won’t stop all the attacks, but they’re foundational because you can see what’s going on. If you need to recover from a bad thing, you need to know what was there. You have to do them. And you want to do them in a way that’s cheap. You don’t want humans running around with clipboards” counting devices.

The first three items on the SANS list – inventorying authorized and unauthorized hardware on a network, doing the same for software, then establishing and maintaining secure configurations for them on servers, workstations, laptops, and mobile devices – are not just security-oriented activities, Sager said, but a mix of security and operations measures that address the “hygiene” of the systems. The fourth SANS item, continuous vulnerability assessment and remediation, begins to focus on cybersecurity specifically.

“You’d be surprised how many agencies don’t have these in place,” he said. “They didn’t have the money, or they’re only a patchwork.” He said the federal government has to be viewed as a total enterprise, since all its systems are interconnected one way or another. “Each agency can try to solve the issues by its lonesome, but we’re all connected, none of us are immune, and mostly we don’t know who we’re connected to … That means everyone has a shared risk, so we all have to do things together.”

Sager is supportive of the intent of the BPA. “I would say that CDM is a start. There’s no magic in this business, buying these tools off the BPA won’t make these problems go away,” he said. “But if you put the foundational technology in place that everybody needs, [it] frees up time to address the things that make more sense” to invest scarce resources in addressing.

From this point on, as DHS adds phase two of the CDM BPA, the tools and services won’t follow the SANS list so neatly, but that’s because once the foundational issues are resolved, government agencies have different priorities than the global community as a whole, he said.

“Access control, privilege management credentials, those are very high on the government’s [to-do] list … There is no 1-to-N list that suits everybody,” he said.
