CDM DEFEND: Going Mobile

How the CDM DEFEND plan for adding and securing mobile devices will help government agencies improve visibility and security.

“Going Mobile” was a hit song for the British rock band “The Who” in the early 1970s. Celebrating a transient lifestyle, the song captured the public’s imagination because, at the time, society was generally immobile; people were tied to single towns, jobs, and friends and family who rarely ventured far from home.

Fast forward to 2018 and mobility has become the norm. “Telecommuting,” remote work and frequent travel are all part of our daily routines. This mobility brings unique security challenges because we are never traveling alone – we want all of our devices with us and require instant access to the applications we can’t live without.

The Department of Homeland Security (DHS) Continuous Diagnostics & Mitigation (CDM) Program Office, which is responsible for securing the entire Federal enterprise, has had concerns about the mobile challenge for some time. Now that five of six CDM DEFEND task orders have been awarded (the sixth, Group F, is expected in 2019), the program can focus more on mobility. The DEFEND task orders require awardees to improve visibility and security in the mobile environment.

The CDM DEFEND plan for adding and securing mobile devices is to develop a partnership approach. In order to meet current standards, Federal agencies have been deploying enterprise mobile solutions, or Mobile Device Management (MDM) platforms. Although it is not the answer to all mobile device security concerns, MDM represents a significant enhancement to mobile device security.

The CDM DEFEND mobile device management process

The CDM Program Office envisions the awardees first ensuring their MDM meets or exceeds CDM-compliant security benchmarks. Once that is accomplished, DHS, through the CDM DEFEND Request for Service (RFS) process, will partner to integrate Federal agency mobile security solutions into the overall CDM scheme. The MDM data will eventually flow up to the CDM Agency Dashboard, providing a more complete picture of the agency’s security posture by including the ever-growing number of mobile devices.

More than any other technology area, the mobile security challenge is complicated by the ways different agencies handle mobile. Some agencies standardize on a single platform, while others offer different handset and connection options to meet the needs of their various component sub-agencies.

“Bring Your Own Device” (BYOD) introduces challenges of non-standard hardware, operating systems and applications. Without vigilant security solutions in place, mobility increases the attack surface, widening the Cyber Exposure gap of the entire agency enterprise. The overarching goal of the DHS CDM Program Office is to overcome security challenges of the federal enterprise. By adding visibility to the hardware, software, configuration and vulnerabilities of mobile assets, these four areas in the original CDM program will increase cybersecurity across the Federal spectrum. The CDM PMO plans to accomplish this in a step-by-step, programmatic fashion:

• Complete assessments of agency mobile device management practices
• Produce analyses based on best practices and standards in use among federal agencies
• Perform gap analyses and driving to close critical gaps
• Normalize the cybersecurity data from mobile assets to be incorporated with the rest of CDM data bound for the Dashboards
• Add processes to the CDM program reviews, ensuring systems remain current and effective

Will CDM affect the effectiveness of mobility solutions? Possibly, depending on the security solutions the agency chooses. Tenable’s SecurityCenter Continuous View (SC CV) enterprise platform develops vulnerability assessments based on the information in the MDM platform; not directly connecting to the mobile device. Other CDM tools may use MDM data or require agents on the mobile device itself. Tenable took this approach to limit any effect on the device, the enterprise and the user. By leveraging the robust capabilities of their already-installed Tenable SC CV platform, agencies can add “goin’ mobile” to their list of successful CDM efforts.

To learn more about how Tenable, and its flagship CDM platform Tenable.sc Continuous View, can help your Agency improve its security posture, please visit us at: https://www.tenable.com/data-sheets/maximize-outcomes-for-cdm-and-much-more-with-securitycenter-continuous-view.