Agency-Wide Adaptive Risk Enumeration (AWARE)
Personal CDM data could be used ‘inappropriately’ when integrators are involved
Third-party contractors are prohibited from using or sharing data collected with CISA in their task orders, but that's no guarantee.
CDM’s agency cyber risk scores will be relative, at least initially
The scores won't be public, though, "because we know adversaries will be looking to see which agencies are having problems," says Continuous Diagnostics and Mitigation program manager Kevin Cox.