Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Continuous Diagnostics and Mitigation: Making It Work - A SANS Survey

CDM Awareness Lacking at Operational Level; Inspector General Awareness Low; Obstacles to Adoption Include Staffing and Skills

  • Bethesda, MD
  • July 24, 2014

The Continuous Diagnostics and Mitigation (CDM) program is improving the security levels at federal agencies that are taking advantage of the program, according to a new SANS survey on CDM adoption. In it, 44% of those who reported implementing CDM are experiencing increased security as a result. Unfortunately, the same survey indicates that a very low number of respondents are adopting the controls.

"The survey results show some clear and reachable opportunities for agencies to better leverage their use of the CDM program and improve their security," says Tony Sager, director of the SANS Innovation Center. "It also clarifies how the other portions of the government cyber ecosystem (e.g., GSA, OMB, IGs, DHS) have to do their part if we are ever to achieve the potential of the DHS CDM program."

The goal of the survey, sponsored by FireMon, ForeScout, IBM and Symantec, was to learn what is working and what is not working for organizations implementing these controls in order to help the CDM program succeed at its goal of reducing risk through continuous monitoring and other controls.

Despite extensive outreach by DHS, the "trickle down" of information to security administrators, analysts and operations staff has been limited. CIOs (49%) and CSOs (49%) had levels of awareness significantly higher than that of security (36%) or IT administrators (21%). Even more distressing, only 5% of survey respondents reported awareness and support of their Inspectors General. This overall lack of information about the program hinders its adoption.

"While most of the technologies used in CDM are familiar, moving to continuous monitoring will require significant process change and skill enhancement," says John Pescatore, author of the report and senior director at SANS Institute. "This SANS survey showed that government security managers are worried about the training and staffing they will need to make the change from the traditional compliance-focused annual audit approach."

Lack of needed skills (36%), staffing (32%) and the ever-present budget concerns (40%) were cited as the key barriers once organizations have knowledge about the program.

Full results will be shared during an August 6 webcast at 1 PM EDT featuring Tony Sager, who formerly served in many capacities at the NSA, including as Chief Operating Officer. Register to attend the complimentary webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and emerging technologies expert, John Pescatore.

Tweet This!

Early CDM adopters improving security: SANS survey webcast Aug 6 at 1 PM EDT. Register: #Gov #Technology

Govt IT Pros: hear results from SANS CDM Survey on Aug 6 at 1 PM EDT. Register: #Gov #Technology

What are the benefits to those taking advantage of the DHS CDM program? Webcast Aug 6: #Gov #Technology

Find Out Who's Taking Advantage of CDM. Survey Results Webcast 8/6, 1 PM EDT. Register: #Gov #Technology

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (