Skip to content

Continuous compliance at scale

DHS Continuous Diagnostics and Mitigation (CDM)

Support CDM Program compliance with misconfiguration detection and critical risk remediation prioritization

Streamline Network Security Assessment to Support CDM Compliance

Federal agencies are high-profile targets that must secure their networks against national state attacks, having continuous visibility of network risks is crucial to understand exposure and in planning remediation action.

Our solutions are a trusted component in the vulnerability management toolsets of federal agencies for verifying that switch, router and firewall configurations remain secure and compliant.

ICON - Configuration Drift Monitoring - Enterprise

Assess for configuration drift

Gain immediate awareness of any device configuration changes, providing assurance that planned network changes have not created new vulnerabilities as well as alerting to unplanned changes. 

ICON - Evidence-based compliance - Enterprise

Validate compliance with evidence

Appropriate NIST SP 800-53 controls are used to help establish the ‘actual versus desired state’ according to CDM. Using DISA STIG CCIs, Nipper solutions automate the accurate assessment of up to 49 NIST SP 800-53 base controls and control enhancements across 8 control families.

ICON - Software Vulnerability Management - Enterprise

Prioritize risk for remediation

Prioritize vulnerabilities according to network criticality and provides remediation guidance, improving both MTTD and MTTR.

Titania Federal Research Report cover

Research Report

This study reveals that an average of 51 network device misconfigurations were discovered in a two-year period with 4% deemed to be critical vulnerabilities that could take down the network within the U.S. Federal Government.

Person looking at report recommendations on laptop.

Automate CDM Compliance Reporting

Evidence compliance with NIST SP 800-53 controls related to network devices, assess performance against the CDM Asset Management Capability, and the Configuration Settings Management (CSM) and Vulnerability Management (VUL) capabilities.

See NIST SP 800-53 Mapping Document

Prioritize Remediation of Exploitable Risks

Automate prioritization of misconfiguration findings with mitigating advice to inform remediation workflows, allowing you to fix non-compliances, in a risk-prioritized order.

Learn More
Male IT technician holding laptop next to female IT technician who is pointing at server in data center.
Person looking at pass/fail evidentiary reports on laptop.

Mitigate Risks with Remediation Advice

Device-specific guidance on how to fix misconfigurations – including command line scripts in some cases – is provided to decrease the mean time to remediate security and compliance risks and inform POAMs (Plan of Action and Milestones).

Learn More

Minimize the Attack Surface

Attack Surface Management (ASM) assurance using NIST/MITRE-approved mapping of NIST 800-53 controls onto 10 of the 11 MITRE ATT&CK® Tactics for Network Infrastructure.

Learn More
Exclamation mark symbolising network security alert.
Female cyber security professional looking at network segmentation in work flow on computer.

Assure Zero Trust Policy

Assure Zero Trust policy with evidence that networks are segmented with deny all/permit by exception rules and devices are managed and compliant to IT security policies.

Learn More

Continuous Network Security &
Compliance, at Scale

Nipper Enterprise delivers fast, accurate visibility of network configuration posture at scale to ensure ongoing compliance in accordance CDM program requirements.

Explore Related Resources

Nipper Enterprise Product Overview

Nipper Enterprise Product Overview

NIST SP 800-53 Mapping Document
Mapping Documents

NIST SP 800-53 Mapping Document

 State sponsored attacks exploit publicly known vulnerabilities. Early detection of such attacks is vital.

State sponsored attacks exploit publicly known vulnerabilities. Early detection of such attacks is vital.


Looking for continuous assessment to:

  • Evidence compliance with CDM requirements and other RMFs?
  • Minimize your attack surface? 
  • Validate the security of every router, switch and firewall, everyday?