CDM Frequently Asked Questions

Welcome to the Continuous Diagnostics and Mitigation (CDM) Frequently Asked Questions (FAQ). Here you will find a collection of questions that have been provided by the CDM training team as well as questions provided by our subject matter experts and the CDM user community. 

Click on a security capability below to see the frequently asked questions concerning that topic area. These questions are intended to be a self-service support resource. If at any time you require additional assistance, please feel free to contact us directly at Other considerations, inquiries, and suggestions for revision or addition may also be submitted to: This FAQ will be updated as necessary.

CDM Security Capabilities

  • Prepare for Incidents and Contingencies*
  • Detect Suspicious Events/Patterns*
  • Respond to Incidents and Contingencies*

* FAQs coming soon

Wheel that looks like a pie with 15 slices that represent security capabilities.  These security capabilities are grouped into four major sections:  Manage Assets, Manage Accounts for People and & Services, Manage Events and Manage Security Lifecycle.   Each area has a distinct start and stop component to uniquely identify the section from other sections.   Manage Assets is represented by five security capabilities:  Hardware Asset Management, Software Asset Management, Configuration Settings Management, Vulnerability Management, Boundary Protection.    Manage Accounts for People & Services is represented by four security capabilities: TRUST-Manage Trust in People Granted Access,BEHAVE-Manage Security Related Behavior,CRED-Manage Credentials and Authentication, PRIV-Manage Privileges.   Manage Events is represented by three security capabilities:  Prepare for Incidents and Contingencies, Detect Suspicious Events/Patterns, Respond to Incidents and Contingencies.     Manage Security Lifecycle is represented by three security capabilities:  Document Requirements from a Policy and Planning perspective, Manage Quality and Manage Risk and Investments.
In addition to the material provided here, there are online video vignettes available. Government employees and contractors can register through FedVTE and non-governent users can registrer through STEPfwd.