May 29, 2025


How the CDM Program Strengthens Federal Cyber Resilience

As cyber threats evolve, government agencies must take a proactive approach to web and mobile security.

For most organizations, a data breach can be catastrophic, resulting in loss of trust and revenue, and maybe even steep fines and penalties. When you add in a potential threat to national security, that breach becomes far more dangerous. That’s why the United States Department of Homeland Security implemented the Continuous Diagnostics and Mitigation (CDM) Program, which has become a cornerstone of federal cybersecurity.

The CDM Program helps protect federal networks by providing the tools, services, and expertise needed to identify and mitigate cyber threats. By aligning with zero trust principles and responding proactively, the CDM Program provides a robust defense against threat actors and increasingly sophisticated attacks. Here’s how the CDM Program works to defend government infrastructure.

What is the CDM Program?

In 2012, the Cybersecurity and Infrastructure Security Agency (CISA) established the CDM Program to set cybersecurity standards for the federal government. The CDM Program “provides a dynamic approach to fortifying the cybersecurity of government networks and systems” in four key ways. The first is reducing the attack surface for government agencies. The program also increases visibility into the federal cybersecurity posture and improves response capabilities.

In 2014, the federal government introduced the Federal Information Security Modernization Act (FISMA) to codify the Department of Homeland Security’s role in “administering the implementation of information security policies for federal Executive Branch civilian agencies” and overseeing compliance. The CDM Program streamlines FISMA reporting by providing a centralized platform and additional tools to help identify threats.

What is CDM DEFEND?

The year after the CDM Program was implemented, the Department of Homeland Security created the Dynamic and Evolving Federal Enterprise Network Defense, or CDM DEFEND. Implementing a standard set of commercial solutions to meet government cybersecurity standards required flexibility, as the unique needs of each agency varied considerably. CDM DEFEND enables CISA to deliver custom solutions, which are split into a series of Task Orders:

  • CDM DEFEND GROUP A: Provides CDM Program requirements to the Department of Homeland Security
  • CDM DEFEND GROUP B: Provides CDM Program requirements to the Department of Energy, Department of the Interior, Department of Transportation, Office of Personnel Management, Department of Agriculture, and Veterans Affairs
  • CDM DEFEND GROUP C: Provides CDM Program requirements to the Department of Commerce, Department of Justice, Department of Labor, Department of State, Federal Communications Commission, Tennessee Valley Authority, and Agency of International Development 
  • CDM DEFEND GROUP D: Provides CDM Program requirements to the General Services Administration, Health and Human Services, NASA, Social Security Administration, and Treasury
  • CDM DEFEND GROUP E: Provides CDM Program requirements to the Department of Education, Environmental Protection Agency, Federal Deposit Insurance Corp., Housing and Urban Development, Nuclear Regulatory Commission, National Science Foundation, Small Business Administration, and Securities and Exchange Commission
  • CDM DEFEND GROUP F: Provides CDM Program requirements to up to 75 small and medium federal civilian Executive Branch agencies through a Shared Services platform

The United States government works with contractors to provide cybersecurity solutions to these agencies and tracks those services through an approved products list.

How does the CDM Program defend government infrastructure?

According to CISA, the CDM Program “delivers capabilities in five key program areas:”

  • Dashboard: Receives, aggregates, and displays information from CDM tools at the agency and federal levels.
  • Asset management: Manages hardware assets, software assets, security management configuration settings, and software vulnerabilities.
  • Identity and access management: Manages account/access/managed privileges, trust determination for people granted access, credentials and authentication, and security-related training.
  • Network security management: Manages network and perimeter components, host and device components, data at rest and in transit, and user behavior and activities.
  • Data protection management: Manages the protection of data through data discovery/classification, data protection, data loss prevention (DLP), data breach/spillage mitigation, and information rights management.

CISA essentially uses a zero trust security stance by enforcing strict identity verification, least privilege access, and continuous monitoring of user activity. There’s no assumed trust for users already within the network, which is where zero trust differs from traditional cybersecurity. This approach helps the program protect an ever-expanding attack surface and meet security requirements.

A key benefit of the CDM Program is the Agency-Wide Adaptive Risk Enumeration (AWARE). Introduced in 2019, AWARE provides a risk-scoring system to help agencies “assess the size and scope of their vulnerabilities” and give them a view of their potential risks. A higher score indicates a larger attack surface, and AWARE then helps the agency prioritize which vulnerabilities to address most quickly. In essence, AWARE provides an algorithm that helps determine how secure each agency’s networks are.

As cyber threats evolve, so does the CDM Program. It assists agencies with enhanced visibility, protection, and management of mobile assets, which has become increasingly necessary as more employees connect their mobile devices to government networks. The CDM Program also works with cloud service providers to issue regular guidance updates.

In 2024, the Department of Homeland Security extended several CDM DEFEND contracts. These extensions include an initial base year and two option years, which could extend the work to April 2027.

Get CDM-approved mobile threat defense

If you scroll through the CDM Program’s list of approved products, you’ll find Lookout’s Mobile Endpoint Security among those CISA uses to secure agency networks. Our CDM-approved solution rapidly detects and responds to mobile threats by leveraging the world’s largest mobile security dataset, as well as threat intelligence services and persistent mobile endpoint detection and response (EDR).

Available through CDM DEFEND Groups A-F, Lookout’s mobile security solutions enable fast, easy deployment and reporting to federal dashboards. Download the fact sheet or get in touch to learn more about Lookout’s CDM capabilities.
