DHS seeks dashboard to drive continuous monitoring
- By William Jackson
- Sep 03, 2014
Editor's note: This story was changed Sept. 9 to reflect the fact that the RSA Archer platform is a contending product for the CDM dashboard program and not the only selected product as stated in a previous version of this article. In a statement RSA said, "We reacted to official public statements and documentation we received indicating that the RSA Archer GRC solution was, in fact, selected for the CDM Dashboard. RSA will of course defer to DHS to finalize their selection processes."
The Archer governance, risk and compliance platform from RSA is a finalist for the Homeland Security Department's dashboard for its Continuous Diagnostics and Mitigation (CDM) program, which is intended to give DHS enterprise-level visibility into the security posture of federal IT systems.
The purpose of CDM is to leverage data from scans of agencies’ IT systems to enable risk-based operational decisions, said Michael Brown, retired rear admiral and now vice president of RSA’s global public sector operations. The single pane of glass provided by the dashboard can deliver operationally relevant information from a wide variety of locations and products so that events and responses can be prioritized.
The term “continuous monitoring” can be misleading. Although agencies are monitoring their systems continuously, any given system is being assessed only periodically. This puts a premium on making use of the data obtained from scanning in as close to real time as possible. The dashboard helps with this.
The CDM program implements requirements for continuous monitoring of IT systems under the Federal Information Security Management Act (FISMA). The General Services Administration in August awarded blanket purchase agreements to 17 companies that are partnering with dozens more vendors to provide a wide array of off-the-shelf tools for monitoring the status of agency IT systems.
Continuous monitoring of IT systems is part of a move away from the periodic certification and accreditation of IT systems originally done every three years under FISMA. Agencies now are required to provide data feeds – first quarterly, then monthly – into DHS’s CyberScope. CyberScope feeds are provided by commercial tools available through the CDM program. These tools comply with the Security Content Automation Protocol (SCAP), a collection of specifications developed by the National Institute of Standards and Technology that allows products from various vendors to communicate and interoperate.
The CDM program is in its first phase, which addresses hardware and software asset management, configuration settings management and vulnerability management. Subsequent phases, now being defined, will cover privilege and infrastructure integrity as well as management of the security lifecycle.
Archer has been available for about 10 years. Producing reports and dashboard displays from imported data feeds is one of the capabilities of the modular product. Other features include incident, threat, policy, risk, vulnerability and compliance management. It also has modules specifically for federal assessment and authorization under FISMA and for performing continuous monitoring.
Because of this functionality, Archer already is widely used for security monitoring in federal agencies, including DHS, as well as in the private sector. The platform’s strengths include the ability to incorporate data from a range of sensors, not just its own modules and other RSA products. That means that in addition to its use by IT security teams it can provide command and control capability in the security operations center.
Depending on what activities or systems are being monitored, users can also decide what data needs to be collected and where to get it from, and they can use data to prioritize responses.
William Jackson is a freelance writer and the author of the CyberEye blog.