CDM 2.0: Advancing Federal Cybersecurity
July 2, 2026
By ICIT and Center for Cybersecurity Policy and Law
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is operating under significant pressure. Workforce reductions, budget constraints, organizational changes, leadership transitions, and limits on contracting are affecting how the agency carries out its mission. At the same time, federal agencies face a more complex cyber threat environment. Nation-state actors, ransomware groups, software supply chain compromises, malicious cyber operations, and risks across cloud and hybrid systems continue to challenge federal network security. Advances in artificial intelligence, automation, and adversary tools are also making it easier to identify and exploit vulnerabilities, exposing gaps in visibility, coordination, and response across government systems. CISA must improve federal cyber defense while working with fewer resources and continuing to support government-wide cybersecurity modernization.
The Continuous Diagnostics and Mitigation (CDM) Program is central to that effort. CDM is CISA’s primary program for helping Federal Civilian Executive Branch departments and agencies improve cybersecurity visibility and risk management. DHS launched CDM in 2012 to provide agencies with tools, sensors, dashboards, and shared services to monitor cybersecurity risks across federal networks. Through a phased acquisition approach and government-wide contracting vehicle, CDM has supported capabilities in asset management, identity and access management, network security management, and data protection. Its federal dashboard aggregates agency-level data to give the government a broader view of cyber risk and support prioritization, accountability, and oversight.
CDM, however, has often been shaped more by compliance reporting and scorecard metrics than by operational cyber defense. As agencies move to cloud-based architectures, deploy AI-enabled systems, and implement Zero Trust principles, CDM needs to evolve. It should no longer function primarily as a tool deployment and reporting program. It should become an operational platform that supports real-time defense across modern federal environments. To remain useful, CDM must provide continuous visibility across cloud, hybrid, and on-premises systems while supporting faster detection, threat hunting, identity protection, vulnerability management, and coordinated incident response.
The recommendations in this paper are based on a simple premise: CDM should be the federal government’s central platform for Zero Trust implementation, continuous cybersecurity visibility, enterprise risk management, and coordinated defense across the Federal Civilian Executive Branch. Its funding, acquisition vehicles, shared services, and technical standards should be organized around that mission. Modernizing CDM in this way would better align the program with the Administration’s cybersecurity priorities and improve CISA’s ability to identify, prioritize, and respond to threats affecting federal networks at scale.
This approach is consistent with Pillar 3 of the 2026 Cyber Strategy for America, which calls for the federal government to “Modernize and Secure Federal Government Networks” through faster adoption of advanced cybersecurity capabilities, cloud modernization, AI-enabled defenses, post-quantum cryptography, and improved procurement processes. The strategy also emphasizes stronger operational coordination, agility, and resilience across federal cybersecurity efforts.
The recommendations that follow identify structural, technical, acquisition, and governance reforms needed to modernize CDM for the next decade. These reforms are intended to support Zero Trust implementation, improve visibility into cloud and emerging technology environments, strengthen defenses against automated cyber threats, and help CISA defend federal networks with greater speed, coordination, and effectiveness.
About ICIT
The Institute for Critical Infrastructure Technology (ICIT) is a nonprofit, nonpartisan, 501(c)3 think tank with the mission of modernizing, securing, and making resilient critical infrastructure that provides for people’s foundational needs. ICIT takes no institutional positions on policy matters. Rather than advocate, ICIT is dedicated to being a resource for the organizations and communities that share our mission. By applying a people-centric lens to critical infrastructure research and decision making, our work ensures that modernization and security investments have a lasting, positive impact on society. Learn more at www.icitech.org.



