How DHS is working to continually improve the Continuous Diagnostics and Mitigation program

Two CISA officials detailed the way agencies are leveraging the program to get the best CDM can offer.

Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program have pushed it to evolve from a compliance-focused initiative to a real-time threat detection and response platform.

First launched in 2013, the program now tracks approximately 6.5 million devices, including operational technology and internet-connected devices alongside traditional IT assets and mobile devices.

Matt House, DHS deputy associate director and CDM program manager, says the department has been putting an “emphasis on interoperability” to meet agency needs. 

“It’s about having the visibility when you need it to support ad hoc analysis, as well as routine analysis,” he said Wednesday at the 2025 Elastic Public Sector Summit, produced by FedScoop. “We can scale much more effectively that way.” 

The program’s most significant shift comes in response to critical cybersecurity challenges, particularly after the 2021 SolarWinds breach. New statutory authorities granted after the incident, particularly in that year’s National Defense Authorization Act, have enabled CISA to conduct comprehensive cross-agency threat hunting and incident response.

The agency can now generate custom security dashboards within two to three days of identifying a vulnerability, allowing agencies to quickly prioritize and address potential security risks. 

House said the ability to have “operational visibility” has improved what’s possible with the program. 

“It’s really put us in the driver’s seat as a tool set, a weapon of first resort for operational counterparts,” he said. “It’s really fulfilling an extended vision of the full potential of what CDM can be, which is allowing CISA to be a complement to what some of the most mature agencies are already doing.” 

Operating on a federated model, the program works to complement existing agency capabilities rather than imposing a uniform solution. This approach allows for greater flexibility across diverse federal network environments, covering 94 active agencies with potential impact on thousands of systems and millions of endpoints.

Shelly Hartsook, the acting associate director for CISA’s Cybersecurity Division, said DHS has refined that federated model through lessons learned over the past decade. 

“We’ve learned a lot of lessons in the early days of CDM that having a one-size-fits-all solution and telling agencies what tool and what integrator they’re going to use was not exactly the most effective strategy,” she said. 

As CDM continues to grow, House says emerging technologies, particularly artificial intelligence, are being explored to manage massive volumes of network data. The agency sees potential in AI for more efficient data analysis and improved threat detection.
