Continuous Diagnostics and Mitigation (CDM) Training
Welcome to the Continuous Diagnostics and Mitigation (CDM) Training page. Here you will discover numerous CDM training resources available in multiple formats and forms of media. These options are meant to enrich your learning experience and help you gain further awareness, understanding, and overall knowledge of the CDM Program. The delivery methods we offer include In-person, On-demand, Virtual In-person, Micro-learns, and Webinars.
Sign up! Receive training opportunity notices and learn more about our online, interactive, self-paced training options, webinars, and micro-learns. Email CyberInsights@cisa.dhs.gov for registration information.
Audience: Those who monitor, manage, and oversee information systems controls, such as Information System Security Officers (ISSO), Systems Administrators, CDM Points of Contact (POC), Information Systems Security Managers (ISSM), and others who report measurements and/or metrics.
Continuous Diagnostics and Mitigation Training Privacy Act Statement
Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information.
Purpose: The purpose of this collection is to provide individuals access to Cybersecurity and Infrastructure Security Agency (CISA) Continuous Diagnostics and Mitigation (CDM) Training and information using CISA Webex.
Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information, as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659.
Disclosure: Providing this information is voluntary; however, failure to provide this information may prevent DHS from contacting you in the event there are queries about your request or registration.
CDM Dashboard Cyber Range Training
CISA provides Continuous Diagnostics and Mitigation (CDM) dashboard cyber range training within a virtual environment, which provides students a simulated version of the ES-5 CDM Dashboard currently in production at participating federal agencies. Students will have the opportunity to complete hands-on lab activities with knowledge check questions at the conclusion of each lab.
Training Topics:
- CDM111: Analyzing Cyber Risks with the CDM Agency Dashboard
A two-day in-person course that explores the features of the current CDM Agency Dashboard version ES-5 such as Data Quality Reporting, Security Technical Implementation Guide (STIG) Reference Data, Federal Information Security Modernization Act (FISMA) Metrics, Summary Reporting, and other capabilities.
The hands-on lab activities in the current CDM Agency Dashboard version ES-5 include identifying the top network risks using CVEs; targeting legacy software and identifying unmanaged devices; prioritizing mitigation activities using the Agency Wide Adaptive Risk Enumeration (AWARE) 1.5 supplemental scoring algorithm; monitoring users’ Identity and Access Management (IdAM) capability status; creating filters; using unique queries; and producing tailored status reports.
- CDM141: Introduction to the CDM Agency Dashboard
This four-hour course will review the current CDM Agency Dashboard enhancements including Risk Scoring, AWARE 1.5, Data Quality Reporting, STIG Reference Data, IdAM, FISMA Metrics, Summary Reporting, and other capabilities. Participate in hands-on lab activities to learn how to navigate and search the data within CDM using the Elastic Stack tools. See how that data can be used to create meaningful custom reports to communicate query results to leadership and stakeholders. Learn how to use AWARE to prioritize vulnerability management activities to address (or mitigate) the most critical vulnerabilities first.
- CDM142: Asset Management with the CDM Agency Dashboard
This four-hour course will review the CDM Agency Dashboard enhancements including Risk Scoring, AWARE 1.5, Data Quality Reporting, STIG Reference Data, IdAM, FISMA Metrics, Summary Reporting, and other capabilities. Learn how you can use the CDM Agency Dashboard unified data to enhance situational awareness, mitigation prioritization, and cybersecurity outcomes within your organization. Participate in hands-on lab exercises to navigate and search the data within the CDM Agency Dashboard. See how you can use that data to create meaningful and visually appealing custom reports to communicate query results to leadership and stakeholders. Learn how to use AWARE to prioritize asset management activities to address or mitigate the most urgent or highest impact vulnerabilities first.
- CDM143: Vulnerability Management using the CDM Agency Dashboard
This four-hour course provides an engaging review of the current operational version of the CDM Agency Dashboard, including Risk Scoring, AWARE 1.5, Data Quality Reporting, STIG Reference Data, IdAM, FISMA Metrics, Summary Reporting, and other capabilities. Students will gain foundational knowledge to effectively use the CDM Agency Dashboard AWARE 1.5 risk algorithm and prioritize vulnerability management activities to address the worst vulnerabilities first.
- CDM201: Identity and Access Management using the CDM Agency Dashboard
This four-hour course will provide a demonstration and explore how the current version of the CDM Agency Dashboard incorporates “Who is on the Network” security capabilities. Create custom reports and determine how to use them to communicate search results effectively. Discuss IdAM policies and “desired state” requirements and how they compare against the “actual state” data the CDM Agency Dashboard provides.
- CDM202: Configuration Settings Management (CSM) with the CDM Agency Dashboard
This four-hour course will discuss the basic concepts associated with the CSM capability and the security configuration benchmarks used for the CDM Dashboard. Participants will engage in lab activities that explore how the CDM Agency Dashboard incorporates the CSM capability and demonstrate the basic steps to identify, analyze, and report configuration setting discrepancies within a given system boundary using the CDM Agency Dashboard. The course provides a basic overview of how CSM-related vulnerabilities contribute to an Agency's AWARE score.
- CDM203: Systems Security Analyst
This four-hour course will identify and discuss the dashboard role of the System Security Analyst, recommended continuous monitoring activities, and use of the dashboard to support those activities. The course will demonstrate how to search and save routine queries to support recurring reporting responsibilities and identify and analyze system discrepancies within a given system boundary using the CDM Agency Dashboard.
- CDM210: CDM Enabled Threat Hunting (CETH) using the CDM Agency Dashboard
This four-hour course will define CETH and describe its purpose, benefits, and how CETH is a key component in responding to the current governmental directives such as Executive Orders and Binding Operational Directives. Gain hands-on experience through guided lab activities in the current CDM Agency Dashboard training environment. Discover how to use the CDM Agency Dashboard to identify Known Exploited Vulnerabilities and other specific vulnerabilities currently affecting government. Discuss mitigation and remediation processes at your agency.
- CDM220: CDM & Federal Mandates—How to use the CDM Dashboard to enable automated BOD 22-01 Reporting
This four-hour course presents information regarding current federal cybersecurity directives, mandates, and policies and CDM Agency Dashboard support capabilities. The course will prominently feature details regarding use of the CDM Dashboard to enable automated Binding Operational Directive (BOD) 22-01 reporting. The key features of this course include policy origination and history, current directives and mandates, agency and CISA responsibilities, subject matter expertise regarding directives and mandates, and an overview of the new BOD 23-01.
This course will provide information regarding use of the CDM Dashboard to address the requirements of a directive, adhere to policies, and understand how to identify and monitor known exploitable vulnerabilities. CISA recommends knowledge of cybersecurity and privacy principles and a familiarity with organizational cybersecurity requirements and procedures.
- CDM222: Using the CDM Agency Dashboard to Advance Cyber Defense
This two-day, in-person course explores the features of the current CDM Agency Dashboard version such as details on Configuration Settings Management, CDM Enabled Threat Hunting, and federal mandates such as Binding Operational Directives (BOD) 22-01 and 23-01 and Executive Order 14028. Additionally, the course will discuss the systems security analyst roles for continuous monitoring and other capabilities of the CDM Dashboard ES-6.
There will be nine (9) hands-on lab activities in the current CDM Agency Dashboard version, which include identifying the top risks to your network by using CVEs; searching for misconfigurations; identifying continuous monitoring methodologies; using the known exploited vulnerabilities (KEV) catalog; exploring the Directives Dashboard and targeting CVEs related to BODs; and creating detailed filters and unique queries to produce tailored status reports.
- CDM301: Management Overview of CDM and the CDM Agency Dashboard
This two-hour course will describe the key elements of the Management Leadership Role as the National Initiative for Cybersecurity Education (NICE) Framework defines them, review the principles of information assurance, identify the Federal laws that govern cybersecurity and required executive and senior-level management responsibilities, and discuss the purpose of the CDM Program. The course will show how the CDM Agency Dashboard can help establish a cybersecurity baseline. It will also include a demonstration of how the CDM Agency Dashboard can be used to make risk-based decisions at the enterprise level.
- CDM320: Using the CDM Agency Dashboard to Respond to Federal Directives—BOD 22-01 & BOD 23-01
This two-hour course presents information regarding current Federal cybersecurity directives BOD 22-01 and BOD 23-01 and how the CDM Agency Dashboard can support these directives. The course will explain the BODs’ scope and cover reporting responsibilities. The hands-on labs will enable students to practice using the CDM Agency Dashboard to enable automated BOD 22-01 reporting. This course will provide an overview of BOD 23-01 and guide the learner on use of the CDM Dashboard to address the requirements of a directive, adhere to policies, and understand how to identify and monitor Known Exploitable Vulnerabilities.
- CDM Agency Dashboard Micro-Learn Videos
These short (3–10 minutes) CDM Agency Dashboard videos will provide a foundation level of knowledge and background to help dashboard end users prepare for in-person training demonstrations and hands-on activities, as well as the new dashboard implementation.
- CDM Agency Dashboard—Kibana User Interface
- CDM Agency Dashboard Architecture and Data Flow
- CDM Agency Dashboard Data Structure and Schema
- CDM Agency Dashboard—Understanding JSON Documents
Virtual Learning Training Environment
The Federal Virtual Training Environment (FedVTE) Continuous Diagnostics and Mitigation (CDM) Training Program is a library of online video vignettes for Government employees and contractors. All the Micro-learn videos and CDM Dashboard course recordings are available via FedVTE.
AWARE (Agency-wide Adaptive Risk Enumeration)
These Agency-Wide Adaptive Risk Enumeration (AWARE) videos discuss how agencies can optimize the use of AWARE, an algorithm tied into the CDM Federal Dashboard that helps agencies measure risk. The videos explain what AWARE is, what it does, and how agencies can use AWARE to improve their risk management decisions.
- Learn How CDM’s AWARE Scoring Can Help You Reduce Cyber Risk
Learn how AWARE works and how it can reduce risks across the federal enterprise. Mr. Dave Otto, CDM Program Management Office, presents a one-hour webinar on AWARE, providing an overview of the scoring methodology behind AWARE and what you need to do to improve your agency’s score. He also offers insights on how AWARE could evolve as agencies gain more experience with CDM to support information security continuous monitoring policies.
Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Recording
Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Slide Deck
Learn How CDM's AWARE Scoring Can Help You Reduce Cyber Risk Certificate of Attendance
Incident Response Training
CISA offers a no-cost cybersecurity Incident Response (IR) Training series with a range of offerings for beginner and intermediate cybersecurity analysts, including basic cybersecurity awareness, best practices for organizations, and facilitated lab activities. Course types include Awareness Webinars (100-level) and Cyber Range (200-level) Training. To learn more about CISA’s IR Training Program, please visit Incident Response Training | CISA.
Contact Information
To ask a question or provide other feedback on CDM training, contact us at CyberInsights@cisa.dhs.gov. For CDM Knowledge Base Access, register at https://maestro.dhs.gov/register/component/CISA or contact your agency system integrator for access.