Continuous compliance at scale
DHS Continuous Diagnostics and Mitigation (CDM)
Support CDM Program compliance with misconfiguration detection and critical risk remediation prioritization
This study reveals that an average of 51 network device misconfigurations were discovered in a two-year period with 4% deemed to be critical vulnerabilities that could take down the network within the U.S. Federal Government.
Automate CDM compliance reporting
Evidence compliance with NIST SP 800-53 controls related to network devices, assess performance against the CDM Asset Management Capability, and the Configuration Settings Management (CSM) and Vulnerability Management (VUL) capabilities.
Prioritize remediation of exploitable risks
Automate prioritization of misconfiguration findings with mitigating advice to inform remediation workflows, allowing you to fix non-compliances, in a risk-prioritized order.
Mitigate risks with remediation advice
Device-specific guidance on how to fix misconfigurations – including command line scripts in some cases – is provided to decrease the mean time to remediate security and compliance risks and inform POAMs.
Minimize the attack surface
Attack Surface Management (ASM) assurance using NIST/MITRE-approved mapping of NIST 800-53 controls onto 10 of the 11 MITRE ATT&CK® Tactics for Network Infrastructure.
Assure Zero Trust policy
Assure Zero Trust policy with evidence that networks are segmented with deny all/permit by exception rules and devices are managed and compliant to IT security policies.
Continuous network security &
compliance, at scale
Nipper Enterprise delivers fast, accurate visibility of network configuration posture at scale to ensure ongoing compliance in accordance CDM program requirements.
Explore Related Resources
Nipper Enterprise Product Overview
NIST SP 800-53 Mapping Document
State sponsored attacks exploit publicly known vulnerabilities. Early detection of such attacks is vital.
Looking for continuous assessment to:
- Evidence compliance with CDM requirements and other RMFs?
- Minimize your attack surface?
- Validate the security of every router, switch and firewall, everyday?