Cybersecurity: Network Monitoring Program Needs Further Guidance and Actions

Federal agencies are making strides in reducing cybersecurity risks thanks to the Continuous Diagnostics and Mitigation (CDM) program, but significant gaps remain. While CDM has improved agencies’ ability to respond to incidents and reduce threat exposure, it has yet to fully deliver on its promise of enhanced cybersecurity visibility and streamlined FISMA reporting. Agencies cited a lack of clear guidance and persistent data quality issues as barriers to broader implementation. The GAO recommends that CISA take urgent steps to address these shortcomings—especially in cloud asset management and endpoint detection—to improve the federal cybersecurity posture.