How Splunk Is Supporting the Federal CDM Program: Part 1

The Federal Government’s Continuous Diagnostics and Mitigation (CDM) program is one of the most important and widely discussed cybersecurity initiatives. In the face of high-profile breaches and increasingly sophisticated attackers, the CDM program is positioned to become more valuable as legislators pressure agencies to strengthen their defensive capabilities. By 2017, the program aims to provide Federal Departments and Agencies (D/As) with the tools to strengthen network security and to maintain a heightened risk-awareness and assessment capability so they can respond rapidly to threats.

The CDM program covers 15 continuous diagnostic capabilities and is divided into three distinct phases. The first phase focuses on endpoint integrity and the management of enterprise assets, the second centers on user privileges and behavior, and the third addresses event management, incident response and boundary protection.

Splunk Enterprise and the Splunk App for Enterprise Security are uniquely positioned to address the requirements of CDM while reducing the risk assumed by CDM prime contractors and D/As. Splunk’s solutions are critical to the successful deployment of CDM. The Splunk platform gives D/As a holistic view of their enterprise by ingesting terabytes of data in real time and automatically detecting, and mitigating, any delta between the current configuration of the enterprise and its predefined “desired state.”

Splunk’s analytics capabilities are a critical component in helping agencies create a Master Device Record (MDR) – the single record that incorporates information from all tools and assets in a seamless, holistic manner. The creation of an MDR is an important part of Phase 1 – it provides a clear window onto network activity. In this way, the Splunk platform serves as the “glue” that integrates the disparate solutions that make up CDM’s functional areas. The platform also enables D/As to organize, analyze and use the massive amount of data generated, and so finally achieve effective, truly continuous monitoring.
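The two ideas above – merging every tool’s view of a device into one Master Device Record, and comparing what is observed against a predefined “desired state” – are easy to show in miniature. The following is an added illustration written for this post, not Splunk code and not any CDM contractor’s implementation: the three tool feeds (a hardware asset manager, a software inventory and a configuration scanner), the field names and the desired-state baseline are all constructed for the example, and it only detects deltas, it does not mitigate them.

```python
"""Toy Master Device Record (MDR) builder with desired-state delta detection.

Added illustration, not Splunk code: three constructed CDM tool feeds
(hardware asset manager, software inventory, configuration scanner) are
merged into one record per device, then each device's observed settings
are compared against a hypothetical desired-state baseline.
"""
from typing import Any, Dict, List

# Constructed sample feeds; device ids, field names and values are hypothetical.
HWAM_FEED = [  # hardware asset management: which devices exist
    {"device_id": "ws-0001", "hostname": "ws-0001.example.gov", "owner": "alice"},
    {"device_id": "srv-0100", "hostname": "srv-0100.example.gov", "owner": "ops"},
]
SWAM_FEED = [  # software asset management: what is installed
    {"device_id": "ws-0001", "packages": ["openssl-1.0.1e", "bash-4.3"]},
    {"device_id": "srv-0100", "packages": ["openssl-1.0.2d", "httpd-2.4"]},
    {"device_id": "srv-0999", "packages": ["openssl-1.0.2d"]},  # unknown to HWAM
]
CSM_FEED = [  # configuration settings management: observed settings
    {"device_id": "ws-0001", "settings": {"fw_enabled": False, "ssh_root_login": "no"}},
    {"device_id": "srv-0100", "settings": {"fw_enabled": True, "ssh_root_login": "yes"}},
]

# Hypothetical desired state that every device is expected to match.
DESIRED_STATE = {"fw_enabled": True, "ssh_root_login": "no"}


def build_mdr(hwam, swam, csm) -> Dict[str, Dict[str, Any]]:
    """Merge per-tool records into one record per device_id.

    A device seen by any tool appears in the MDR; "sources" records which
    tools reported it, so a gap (a host with a software inventory but no
    hardware record) stays visible instead of being silently dropped.
    """
    mdr: Dict[str, Dict[str, Any]] = {}

    def entry(device_id: str) -> Dict[str, Any]:
        return mdr.setdefault(
            device_id,
            {"device_id": device_id, "sources": set(), "packages": [], "settings": {}},
        )

    for rec in hwam:
        e = entry(rec["device_id"])
        e["sources"].add("hwam")
        e["hostname"] = rec["hostname"]
        e["owner"] = rec["owner"]
    for rec in swam:
        e = entry(rec["device_id"])
        e["sources"].add("swam")
        e["packages"] = sorted(set(e["packages"]) | set(rec["packages"]))
    for rec in csm:
        e = entry(rec["device_id"])
        e["sources"].add("csm")
        e["settings"].update(rec["settings"])
    return mdr


def find_deltas(mdr, desired) -> Dict[str, List[str]]:
    """Return, per device, every way it departs from the desired state.

    A setting that was never observed is reported as missing rather than
    assumed compliant, and a device with no hardware asset record is flagged
    because nothing in the enterprise claims to own it.
    """
    deltas: Dict[str, List[str]] = {}
    for device_id, rec in mdr.items():
        issues = []
        for key, want in desired.items():
            if key not in rec["settings"]:
                issues.append(f"{key}: not observed")
            elif rec["settings"][key] != want:
                issues.append(f"{key}: observed {rec['settings'][key]!r}, desired {want!r}")
        if "hwam" not in rec["sources"]:
            issues.append("no hardware asset record (unmanaged device?)")
        if issues:
            deltas[device_id] = issues
    return deltas


if __name__ == "__main__":
    mdr = build_mdr(HWAM_FEED, SWAM_FEED, CSM_FEED)
    for device_id, issues in find_deltas(mdr, DESIRED_STATE).items():
        print(device_id)
        for issue in issues:
            print("  -", issue)
```

The design point worth noticing is that the merge keeps devices reported by only some tools, and the delta check treats “never observed” as a finding in its own right. On real CDM data the records would come from the agency’s sensor feeds rather than inline lists, and the desired state from the agency’s configuration baseline.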

In March 2015, Knowledge Consulting Group (KCG) was awarded $29 million in the first combined tools and services Task Order (TO 2A) under Phase 1. KCG will deploy Splunk to provide the Department of Homeland Security (DHS) a comprehensive risk and security management solution.

The intent of the CDM initiative is to enhance D/As’ security posture by providing a real-time, risk-based, enterprise-wide understanding of any problems that affect system and service availability across application management, security and IT operations. To deliver on this vision, D/As must possess a solution that can correlate and visualize data from all sources so that enterprise risk can be accepted or mitigated on an informed basis. Splunk, as the platform for machine data, gives D/As the ability to implement the full vision of the CDM program goals.

Learn more about how Splunk is being used for CDM.


Nick Murray
CDM Program Manager & Public Sector Cloud Specialist
Splunk Inc.