TIC 3.0 and CDM — both developed by DHS’s CISA — are meant to work hand-in-hand in giving agencies visibility into their IT networks and securing them.

No more taking systems offline while security analysts work, said the new department CIO.

Agency leaders can turn CDM reporting requirements into a boon for their security teams, ultimately lowering costs on duplicative security and monitoring tools.

Inaccurate hardware counts were an issue at agencies even before increased telework added more devices to their networks.

Agencies have generally deployed tools for relaying cybersecurity data, according to the Government Accountability Office.

The document adds a section on the tenets of the security philosophy and adopts longstanding federal language around approaches.