The Cybersecurity and Infrastructure Security Agency has issued an updated document designed to provide a description of a common data schema to ensure that prescribed diagnostic activities within Continuous Diagnostics and Mitigation, or CDM, platforms are consistent across all federal agencies.
CISA said Wednesday the CDM Data Model Document Version 5.0.1 aligns with fiscal year 2023 metrics of the Federal Information Security Modernization Act, or FISMA.
Federal agencies use the common data schema to meet critical objectives: reducing the threat surface, increasing visibility into the federal cybersecurity posture, streamlining FISMA reporting and enhancing federal cybersecurity response capabilities.
Table of Contents
What Is the CDM Data Model?
According to the public version of the document, the CDM Data Model is a common schema of data attributes and elements based on requirements and recommendations conveyed in the CDM architecture.
The schema plays a role in the development of the data requirements for the CDM program and represents the data’s “to-be state” within and outside of Layer C of the CDM architecture.
Document’s Purpose
The updated document outlines the basic data requirements that the program expects each CDM platform to incorporate and offers guidance regarding the data that CDM tools at agencies must collect.
CISA said CDM integrators should use the document to advance the development of a holistic platform, integrating data requirements into the operational flow of security tools and sensors.