Lift FITARA and FISMA Scores With CDM DEFEND and Gigamon

Updated October 14, 2021.

All signs indicate that the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program¹ is working. So far, it’s hitting its primary goal of moving federal agencies from being merely reactive to using a dynamic, continuous process of both assessing risks and improving cybersecurity.

In fact, in the June report of the Department of Homeland Security’s Action Plan to Strengthen Federal Cybersecurity,² the CDM DEFEND program received high marks, with “98 percent of agencies with an active CDM data feed into the Federal Dashboard and 96 percent reporting they had the CDM tools available to understand what’s happening in their network.”

But there’s still work to do. In a recent Senate report, “Federal Cybersecurity: America’s Data at Risk,”³ it was reported that:

“Five of the eight agencies did not maintain a comprehensive and accurate list of information technology (“IT”) assets. Without a list of the agency’s IT assets, the agency does not know all of the applications operating on its network. If the agency does not know the application is on its network, it cannot secure the application.” (Emphasis added.)

That’s an alarming finding given the highly motivated nation states and cybercriminals who are looking to make a buck or steal secrets.

As a result, we’re seeing new policies to enforce stricter rules.

Big Changes to FITARA and DCOI  

On June 26, the Federal Information Technology Acquisition Reform Act (FITARA) 8.0⁴ was released with one big change: The Federal Information Security Amendments Act (FISMA) IG Metric scores are now included as a column in the FITARA scorecard. As a result, several agencies’ scores dipped because of lower FISMA scores. FISMA has always been important — but it’s even more so now.

In other FITARA-related news, the Federal CIO Office just released the draft of the new Data Center Optimization Initiative (DCOI)⁵ strategy, which expands scoring to encompass server optimization/data center utilization and cloud migrations, to ensure more efficient operations and close facilities that aren’t deemed “long-term mission critical.”

Having visibility into the cloud is more important than it’s ever been — and will only get more important as time goes on — and that will put more of a strain on cybersecurity.

How to Boost FISMA and FITARA Scores

In CDM DEFEND, if your network and security monitoring tools are the brain, the Gigamon Visibility Fabric, a next-generation network packet broker, is the eyes and ears, providing you with full visibility into what’s happening within your physical, virtual and cloud networks.

Gigamon deployments via CDM DEFEND have already contributed to improved FISMA Identify and Protect CIO Metric scores, enabling maximum discovery of network hardware and software assets.  The Gigamon Visibility Fabric™ provides an essential element for improving agencies’ Detect and Respond scores, providing:

• Maximum visibility for detection of threats or compromises from email malware
• Maximum visibility for detection and mitigation of data loss prevention or data exfiltration
• Maximum visibility to detect when unauthorized devices connect to your network

“Maximum visibility” includes collecting, decrypting and filtering encrypted traffic.

It’s estimated that at least 60 percent of malware communications are hidden within TLS-encrypted traffic.⁶ And that traffic is not being inspected, which creates a huge blind spot. With Gigamon SSL/TLS decryption, you can expose that traffic.

Gigamon visibility also impacts agency FISMA IG Metric scores (and therefore FITARA grades!), enabling and contributing to agency attainment of Managed and Measurable or Optimized in the following areas:

• Identify Function Area – Maintain an accurate asset inventory (Q1), and implement a network infrastructure engineered to support network cybersecurity (Q6)
• Protect Function Area – Optimize boundary cybersecurity monitoring (Q20), enable PII security control implementation (Q34) and optimize cybersecurity for high value assets and data loss prevention solutions (Q35)
• Detect Function Area – Maximize before and after traffic visibility for cyber tools to enable effective ongoing assessments and maximize cyber-related event detection (Q49)
• Respond Function Area – Enable collection of forensics (Q52, Q54, Q55) and optimize use of WAF, IDS/IPS, SIEM, malware detection and data loss prevention tools in support of incident response (Q58)

With Gigamon, you see more of what’s happening within your network, so you can detect incidents or breaches in real time and respond much faster, improving your overall mean time to detect and mean time to identify.

How to Maintain FISMA, DCOI and FITARA Scores for Cloud Migrations

As you migrate operations to the cloud, you can lose the traffic visibility needed to maintain effective cybersecurity monitoring across cloud operations, which will lower many of your visibility-dependent CIO Metric scores.

And the Managed and Measurable or Optimized processes and solutions that you have implemented for asset management, network protection, ongoing assessment and incident response won’t automatically extend to cloud operations, lowering your FISMA IG Metric/FITARA scores and grades.

The Gigamon Visibility Fabric provides traffic visibility across IaaS cloud deployments, enabling agencies to extend the reach of existing cyber solutions and extend the reach of existing security operations center and network operations center processes to cloud operations, maintaining FISMA and FITARA scores as operations are migrated to the cloud.

This visibility is essential given the new standards for scoring DCOI with the new focus on cloud utilization.

We’re at a point where pervasive visibility across your entire network is critical to stay ahead of attacks — and to meet the FITARA, FISMA and DCOI requirements. And protecting government networks and information is, in turn, critical for fulfilling agencies’ missions to serve the public.

To find out how the Gigamon Visibility Fabric can help you improve security and reduce costs in your agency, visit our Federal home page.

Citations

1. U.S. Department of Homeland Security. “Continuous Diagnostics and Mitigation (CDM).” CISA. Accessed July 24, 2019. https://www.dhs.gov/cisa/cdm.
2. U.S. Department of Homeland Security. “Agency Priority Goal Action Plan: Strengthen Federal Cybersecurity.” Performance.gov. June 2019. Accessed July 5, 2019. https://www.performance.gov/homeland_security/FY2019_June_DHS_Strengthen_Federal_Cybersecurity.pdf.
3. United States Senate Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs. “Federal Cybersecurity: America’s Data at Risk.” United States Senate. Accessed July 5, 2019. https://www.portman.senate.gov/sites/default/files/2019-06/2019.06.25-PSI%20Report%20Final%20UPDATE.pdf.
4. United States House of Representatives, House Committee on Oversight and Reform. FITARA 8.0. House Committee on Oversight and Reform. July 1, 2019. Accessed July 5, 2019. https://oversight.house.gov/legislation/hearings/fitara-80.
5. Kent, Suzette. “Update to Data Center Optimization Initiative (DCOI).” Office of the Federal Chief Information Officer. June 25, 2019. Accessed July 5, 2019. https://datacenters.cio.gov/policy/.
6. Desai, Deepen. “SSL/TLS-based Malware Attacks.” Zscaler. August 2, 2017. Accessed April 25, 2019. https://www.zscaler.com/blogs/research/ssltls-based-malware-attacks.