The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is at a strategic inflection point. Workforce reductions, funding pressures, organizational realignment, leadership transitions, and contracting constraints are reshaping how the agency operates at the same time as the federal cyber threat environment is becoming more complex and operationally demanding. Nation-state adversaries, ransomware syndicates, software supply chain compromises, malicious cyber operations, and expanding risks across cloud and hybrid environments continue to challenge federal network security. At the same time, advances in artificial intelligence (AI), automation, and adversary tooling are accelerating the speed at which vulnerabilities can be identified and exploited, exposing gaps in visibility, coordination, and operational response across government systems. CISA must therefore deliver greater operational impact with fewer resources while sustaining government-wide cybersecurity modernization efforts and improving its ability to defend federal networks against increasingly adaptive threats.

At the center of this challenge sits the Continuous Diagnostics and Mitigation (CDM) Program, CISA’s flagship program for building cybersecurity capabilities across Federal Civilian Executive Branch (FCEB) Departments and Agencies. Launched in 2012 by DHS, CDM was designed to provide federal agencies with tools, sensors, dashboards, and shared services to continuously monitor cybersecurity risk across federal networks. Through a phased acquisition approach and government-wide contracting vehicle, CDM has deployed capabilities supporting asset management, identity and access management, network security management, and data protection. Its federal dashboard architecture aggregates agency-level data to provide government-wide visibility into cyber risk, enabling prioritization, accountability, and oversight.

However, CDM’s structure, governance model, and reporting orientation have often prioritized compliance tracking and scorecard metrics over operational integration and threat-driven defense. As federal agencies transition to cloud-first architecture, expand deployment of AI-enabled systems, and adopt Zero Trust security principles, CDM must evolve beyond a tool deployment and reporting program into a dynamic operational platform capable of supporting real-time cyber defense across modern federal environments. To remain effective, the program must provide continuous visibility across cloud, hybrid, and on-premises systems while enabling faster detection, threat hunting, identity protection, vulnerability management, and coordinated incident response.

The recommendations in this paper are grounded in a core principle: CDM should serve as the federal government’s central platform for enabling Zero Trust implementation, continuous cybersecurity visibility, enterprise risk management, and coordinated defense across the Federal Civilian Executive Branch, and its resources, acquisition vehicles, shared services, and technical standards should be aligned accordingly. Modernizing CDM around this principle would align the program with the Administration’s cybersecurity priorities and strengthen CISA’s ability to identify, prioritize, and respond to threats affecting federal networks at enterprise scale.

This approach is consistent with Pillar 3 of President Trump’s Cyber Strategy for America, which calls for the federal government to “Modernize and Secure Federal Government Networks” through accelerated adoption of advanced cybersecurity capabilities, cloud modernization, AI-powered defenses, post-quantum cryptography, and improved procurement processes. The strategy also emphasizes the need for the federal government to improve operational coordination, agility, and resilience across federal cybersecurity efforts.

The following recommendations outline structural, technical, acquisition, and governance reforms necessary to modernize CDM for the next decade and align it with the Administration’s cybersecurity modernization objectives, including supporting Zero Trust implementation, extending visibility into cloud and emerging technology environments, strengthening defenses against increasingly automated cyber threats, and enabling CISA to defend federal networks with greater speed, coordination, and operational effectiveness in an era of persistent cyber conflict.
