FEDTECH: How is the platform for the non-CFO Act agencies different from that for the CFO Act agencies?
Cox: Some of the non-CFO Act agencies are smaller agencies don’t have the broader set of resources that are helpful in terms of managing an overall cyber program. So rather than putting an additional burden on those agencies to manage their own dashboard, we developed a shared services platform. Version 1.0 was our first venture into the cloud. Each of the non-CFO Act agencies participants received the asset management and identity and access management capabilities in their environments and had their own dashboard in the multitenant shared service environment. Version 2.0 expands the flexibility that the agencies have in the tools that they use. The environment itself is more robust and is taking full advantage of all of the security capabilities available in the CDM program. It’s a higher performance, more scalable environment.
FEDTECH: CISA is the official shared services office for cybersecurity in the Quality Services Management Office (QSMO) program. Are the CDM shared services part of that?
Cox: When CDM started in 2012, we were one of the first organizations to offer shared services across the federal government from a cyber perspective, for the non-CFO Act agencies. The cyber QSMO will point to the new CDM shared services platform as one of the offerings within its portfolio. We will align with the QSMO marketplace and offer that shared services platform through that marketplace.
FEDTECH: How does CDM work with agencies to accommodate their technology needs and budgetary concerns?
Cox: From a technology and a solution standpoint, we want to work with each agency to understand what it already has in place, and work to meet it as much as possible within that space. Likewise, as the threat evolves, we need to be adept and nimble in terms of adjusting to that as well. When CDM started, it was about working with each agency’s CIO and CISO to define a common solution set across that entire agency.