Automate network device assessment to support CDM program compliance

Managed by the Cybersecurity and Infrastructure Security Agency (CISA), the Continuous Diagnostics and Mitigation (CDM) Program is the US Department of Homeland Security’s risk management framework to reduce cyber risk and provide visibility of network security across US government agencies.

CDM’s objectives are to:
• Reduce agency threat surface
• Increase visibility into the federal cybersecurity posture
• Improve federal cybersecurity response capabilities
• Streamline Federal Information Security Modernization Act (FISMA) reporting

The CDM program uses automated tools to assess configurations and identify potential vulnerabilities, comparing the ‘desired state’ attribute values of a network with its ‘actual state’ attribute values.

Under CDM, the relevant NIST SP 800-53 controls define the ‘desired state’ against which the ‘actual state’ is measured. CDM requires that the actual state of each agency’s network be determined every 72 hours.
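To make the ‘desired state versus actual state’ comparison concrete, here is an added illustration that is not Nipper’s code or CISA’s tooling: a constructed IOS-style running configuration is parsed into a handful of actual-state attributes, compared against a desired-state baseline, and the deviations are grouped by NIST SP 800-53 control family. The configuration text, the attribute names and the family tags on each attribute are assumptions made for this example; a second comparison of two parsed states shows the configuration drift check that a daily re-assessment would run.

```python
"""Desired-state vs actual-state comparison for a network device config.

Added illustration, not Nipper's or the CDM program's own code. The sample
configuration below is constructed for this example, and the NIST SP 800-53
family tag on each attribute is an assumed mapping, not an official one.
"""
import re

# Constructed sample running configuration (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
no ip http server
ip http secure-server
logging host 10.0.0.5
login block-for 120 attempts 3 within 60
ip ssh version 2
line vty 0 4
 transport input ssh telnet
 exec-timeout 0 0
snmp-server community public RO
"""

# Desired state: (attribute, assumed 800-53 family, expected value).
DESIRED_STATE = [
    ("password_encryption", "IA", True),
    ("http_server_enabled", "SC", False),
    ("ssh_version", "SC", 2),
    ("login_lockout_enabled", "AC", True),
    ("remote_logging_configured", "AU", True),
    ("vty_transport", "AC", {"ssh"}),
    ("vty_idle_timeout_enforced", "AC", True),
    ("snmp_default_community", "IA", False),
]


def parse_actual_state(config: str) -> dict:
    """Extract the actual-state attributes from an IOS-style config text."""
    state = {
        "password_encryption": False,
        "http_server_enabled": False,
        "ssh_version": None,
        "login_lockout_enabled": False,
        "remote_logging_configured": False,
        "vty_transport": set(),
        "vty_idle_timeout_enforced": False,
        "snmp_default_community": False,
    }
    in_vty = False
    for raw in config.splitlines():
        if not raw.strip():
            continue
        indented = raw.startswith(" ")
        text = raw.strip()
        if not indented:                      # a new top-level stanza starts
            in_vty = text.startswith("line vty")
        if text == "service password-encryption":
            state["password_encryption"] = True
        elif text == "ip http server":        # "no ip http server" does not match
            state["http_server_enabled"] = True
        elif m := re.fullmatch(r"ip ssh version (\d+)", text):
            state["ssh_version"] = int(m.group(1))
        elif text.startswith("login block-for"):
            state["login_lockout_enabled"] = True
        elif text.startswith("logging host"):
            state["remote_logging_configured"] = True
        elif m := re.match(r"snmp-server community (\S+)", text):
            state["snmp_default_community"] = m.group(1).lower() in {"public", "private"}
        elif in_vty and indented:
            if m := re.fullmatch(r"transport input (.+)", text):
                state["vty_transport"] = set(m.group(1).split())
            elif m := re.fullmatch(r"exec-timeout (\d+) (\d+)", text):
                # "exec-timeout 0 0" disables the idle timeout entirely
                state["vty_idle_timeout_enforced"] = (int(m.group(1)), int(m.group(2))) != (0, 0)
    return state


def compare(desired, actual: dict) -> list:
    """Return (family, attribute, desired, actual) for every deviating attribute."""
    return [(fam, name, want, actual[name])
            for name, fam, want in desired if actual[name] != want]


def findings_by_family(findings) -> dict:
    """Count deviations per control family for a dashboard-style summary."""
    summary = {}
    for family, *_ in findings:
        summary[family] = summary.get(family, 0) + 1
    return summary


def drift(previous: dict, current: dict) -> set:
    """Attributes whose actual value changed between two assessments."""
    return {name for name in previous if previous[name] != current[name]}


if __name__ == "__main__":
    actual = parse_actual_state(SAMPLE_CONFIG)
    for fam, name, want, got in compare(DESIRED_STATE, actual):
        print(f"[{fam}] {name}: desired={want!r} actual={got!r}")
    print(findings_by_family(compare(DESIRED_STATE, actual)))
```

Run against the constructed configuration, the comparison reports three deviations: the VTY lines still accept telnet, the idle timeout is disabled, and a default SNMP community string is present. A real assessment tool would track far more attributes, but the shape is the same: a parser that establishes actual state, a baseline that encodes desired state, and a per-family summary that can be re-run on every collection cycle.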

Discover which 33 NIST 800-53 network device checks can be automated with Nipper >
Download the NIST 800-53 Mapping Summary

CDM Capability Areas

CDM delivers capabilities in five key areas:

• Data Protection Management
• Network Security Management
• Identity and Access Management
• Asset Management
• Dashboard

Results from the first four CDM Capability Areas are fed into an agency-level dashboard, producing bespoke reports that alert network managers to their most critical cyber risks. Summary information on each agency’s performance is then displayed in a federal enterprise-level dashboard, providing aggregated situational awareness of the cybersecurity risk posture across the US federal government as a whole.

Automating NIST 800-53 controls with Nipper

The National Institute of Standards and Technology’s Special Publication 800-53 defines the standards and guidelines for federal agencies to architect and manage their information security systems.

Taking just minutes to set up and generate, our virtual modelling technology automates line-by-line analysis of device configurations, detecting precise security risks and evidencing compliance with 33 NIST 800-53 controls, in the following control families:

• AC – Access Control
• AU – Audit and Accountability
• CM – Configuration Management
• IA – Identification and Authentication
• RA – Risk Assessment
• CA – Security Assessment and Authorization
• SC – System and Communications Protection
• SI – System and Information Integrity
• SA – System and Services Acquisition
By using Titania Nipper to evidence compliance with NIST 800-53 controls related to core network devices in the above control families, users can assess performance against the CDM Asset Management Capability, and specifically the Configuration Settings Management (CSM) and Vulnerability Management (VUL) capabilities.

Many of these NIST 800-53 controls can also be mapped to the security practices within the DoD’s Cybersecurity Maturity Model Certification (CMMC) framework, meaning that defence supply chain companies can also automate much of their auditing and track cyber compliance against the CMMC framework.

Support CDM program compliance with Nipper and Nipper Enterprise

Critical risk remediation prioritization:

  • Misconfigurations detected and assessed for
    • impact to the network if exploited,
    • ease of exploitation, and
    • ease and time to fix
  • Device specific remediation advice and command-line fixes
  • Daily configuration drift monitoring

Security and compliance assurance:

  • Assure compliance for FISMA, HIPAA, NIST, DISA RMF, CDM, CMMC and PCI DSS
  • Reduce audit times by up to 80% with evidence of compliance
  • Assessor-ready reports of compliance with:
    • 94% of NIST 800-53 network controls
    • 89% of CMMC network practices to evidence SCRM
    • 94% of PCI DSS network device procedures
    • STIGs

Continuous misconfiguration detection and response:

  • Continuous visibility of misconfigurations and vulnerabilities
  • Strategic, real-time prioritization of risk and remediation
  • Dashboards and reports of security and compliance posture
  • Roadmap to playbook-controlled auto-remediation

Need accurate on-demand security and compliance audits and assurance?

DOWNLOAD A TRIAL OF NIPPER >

Ready for continuous misconfiguration detection and response?

REQUEST A DEMO OF NIPPER ENTERPRISE >

Related Resources

Check out our latest resources
Establish Defendable Network & Automate RMF Compliance

Combining continuous misconfiguration detection and auto-mitigation with risk-focused compliance analysis

Nipper Enterprise Product Overview

Foundational network configuration security for Zero Trust and PCI DSS 4.0 assurance at scale

NIST 800-53 Mapping Document

Accurately automate the assessment of 94% of NIST 800-53 core network controls

Titania Nipper Datasheet - Military & Federal

Analysing the configurations and interactions of your network infrastructure with the expertise of a skilled penetration tester - Nipper’s unrivalled accuracy typically saves auditors more than 3 hours per audit, per device
