House bill would make DHS’s CDM cyber program law

The Advancing Cybersecurity Diagnostics and Mitigation Act aims to make the CDM program a systemic requirement for DHS.

A new House bill aims to codify the Department of Homeland Security’s signature cybersecurity program.

Rep. John Ratcliffe, R-Texas, introduced the Advancing Cybersecurity Diagnostics and Mitigation Act, which aims to make the continuous diagnostics and mitigation program a systemic requirement for DHS.

DHS established the CDM program in 2012 as an agile, automated program that monitors federal networks and provides continuous cybersecurity protection.

The new legislation calls on the DHS secretary to “regularly deploy new technologies and modify existing technologies” to update the program, offer its cybersecurity resources to all federal agencies and report systemic cyber risks based on data collected by the program.


The bill also requires the DHS secretary to develop a comprehensive CDM strategy within 180 days of enactment and deliver a report to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Homeland Security within 90 days outlining the federal government’s cyber risk posture based on data collected by CDM.

Ratcliffe, chairman of the House Cybersecurity and Infrastructure Protection subcommittee, said in a statement that the bill would ensure that CDM stays in stride with the evolutions of cybersecurity technology.

“Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector,” he said. “We’re also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors.”

CDM is in the midst of awarding new contract capabilities as part of its DEFEND program, while also working on the data protection solutions it will offer as part of Phase 4 of that program. Phases 1, 2 and 3 addressed asset and user management and data dashboards to monitor network activity.

Written by Carten Cordell

Carten Cordell is a Senior Technology Reporter for FedScoop. He is a former workforce and acquisition reporter at Federal Times, having previously served as online editor for Northern Virginia Magazine and Investigative Reporter for, Virginia Bureau. Carten was a 2014 National Press Foundation Paul Miller Fellow and has a Master’s degree from the Medill School of Journalism at Northwestern University. He is also a graduate of Auburn University and promises to temper his passions for college football while in the office.
