News Feature | June 24, 2014

Managing The Switch From FISMA To CDM Cyber Security

By Cheryl Knight, contributing writer


The Continuous Diagnostics and Mitigation (CDM) program has been pushed to the forefront by recent efforts within the U.S. federal government to improve cyber security for civilian agencies across government. The recent CDM Under the Hood report, performed by the MeriTalk Cyber Security Exchange, revealed some surprising figures. For instance, 58 percent of those who responded to the study say the whole process is not going fast enough, and 90 percent want information from the program every 24 hours.

With agencies still under an obligation to uphold the Federal Information Security Management Act of 2002 (FISMA), 50 percent of agencies still need to meet FISMA reporting requirements, at least until CDM can produce the data needed to replace the current FISMA system.

Can FISMA And CDM Run Together?

“Fed cyber security leads tell us they spend 25 percent of their cyber security budgets on FISMA compliance,” Steve O’Keeffe, founder of MeriTalk, explained in the report. “Chipping in on future plans for FISMA reporting provides important insight on how CDM and FISMA can run together.”

According to, the CDM program takes a more proactive approach to combating threats to the nation’s civilian .gov networks. The program should give government agencies the tools they need to automate their current network monitoring abilities, analyze security-related information, and help them make decisions based on the level of risk.

On top of the CDM program’s large amount of growth over the past year, O’Keeffe was quoted in the report as saying, “So what does this mean for the road ahead? Agencies need greater analytical capabilities, critical application resilience, common trusted identities, and secured shared service environment. Agencies are craving more and want faster delivery of the projects and services available through the program.”

Cyber Security Brainstorm Conference Tackles Cyber Security

According to the recent CDM Road Test, some of the obstacles to speeding up the switch to CDM include training, current budget constraints, and integration with current programs, among others.

To help deal with these obstacles, MeriTalk hosted the Cyber Security Brainstorm at the Newseum in Washington, D.C., on June 18. The conference brought together various Federal cyber security experts, who shared best practices, discussed the future of cyber security, and worked together on the various challenges faced by agencies.

By understanding CDM and its implications, IT solutions providers can effectively help their civilian government clients make the switch from FISMA to the CDM program. It could help to explain the benefits of the CDM program over FISMA, such as up to 56 percent less operational information security risk and better management of that risk.