The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide in 2021 an updated Continuous Diagnostics and Mitigation (CDM) program that could help reduce reporting requirements for agencies while helping them improve security, Nextgov reported Friday.
“We want the data to be as complete and accurate, and as timely as possible, so that we can reduce the data calls for [binding operational directives] and [emergency directives], reduce the CyberScope reporting, and get them to trust the data in the dashboard when they're making those risk-based decisions,” Judy Baltensperger, CDM program manager at CISA, said Thursday during an event.
She said most of the pilot agencies have moved their infrastructure to the cloud and that data quality certification will likely be carried out by the summer of 2021.
“What we want to do through the pilots that we've had engaging with the different CSPs, the cloud service providers is make sure that we have a full understanding of the data they have available, look at, for example, how the data that they have available aligns with the CDM requirements,” said Kevin Cox, CDM program manager. “And then make sure that that is available to the agencies, that they have that real-time and near real-time understanding of the protections they have in the cloud."