Continuous Diagnostics and Mitigation
Phase 3: Boundary Protection and Event Management

The CDM Program of the Department of Homeland Security (DHS)/Federal Network Resilience (FNR) is a federally funded program, designed to provide a new approach to protecting the cyber infrastructure of the .gov network environment. CDM moves away from historical compliance reporting toward combating threats to our nation’s networks on a real-time basis. The CDM Program offers DHS, along with Federal Departments and Agencies, State, Local, Regional, and Tribal governments, the ability to enhance and further automate existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the agency and Federal enterprise levels.

Continuous Diagnostics and Mitigation (CDM) Solution Brief

Learn why Forum Systems technology is central to achieving Continuous Diagnostics and Mitigation.

The Forum Sentry API Security Gateway

The Forum Sentry API Security Gateway is the industry’s only FIPS 140-2 and NIAP NDPP certified API Security Gateway purpose-built to provide an API-based architecture that enables secure collaboration and information assurance through API data processing with identity-based dynamic rule enforcement. The Forum Sentry API Security Gateway combines Security, Identity, Mediation, and Reporting into one central technology architecture that can be deployed and managed in any computing environment.

Industry Certified and Proven Secure: Industry Certified and Patented


FIPS 140-2 Level II

- Entire Hardware System

EAL 4+ Certified Integrated Hardened Security

- FIPS 140-2 Level III HSM with Security World

NIAP NDPP (Network Device Protection Profile)

- All Administration Interfaces and Ports

U.S. Dept. of Defense Certified PKI Component

- No OpenSSL libraries, no C-Based libraries

 

Achieving CDM through Secure Collaboration

The CDM Program requires a technology capability that can consolidate disparate client- and server-based technologies into a unified set of collaborating entities. Challenges of CDM within agencies and across agencies include:

Forum Sentry API Security Gateway solves all of these areas with cryptographically accelerated processing, dynamic encryption and decryption of information selectively grouped by enclave, and schema enforcement and data aggregation that ensure interoperability and standardized formatting of information exchanges.

 

Solving CDM Phase 3 General Requirements for all Tools and Technologies

CDM Phase 3 has 4 primary overriding requirements that all technologies and tools must adhere to across all functional areas. These include:

Reporting: Centralized dashboard consolidation of information such as devices, software products, people, roles, accounts, credentials, etc.

Interoperate: Data sharing with tools, client systems, server systems, databases, identity systems, etc.

Scale: Must be able to scale to high volume transactions

Secure Collected Data: FIPS 140-2 data security for content, and FIPS 140-2 protocol security for communication channels

Forum Sentry API Security Gateway is purpose-built for interoperability and accelerated, scalable data security with FIPS 140-2 certified algorithms and patented cryptographic acceleration. Reporting and consolidation of information are fundamental to gateway technology, which aggregates data feeds and facilitates secure data transfer and collaboration. Forum Sentry's ability to dynamically apply security and identity-related policies in-line to the data streams enables dynamic collaboration and secure enclaves of information exchanges to be built, while enabling seamless interoperability and offloading data transfer scalability from the underlying environment tools.

 

Secure Data within Physical and Logical Enclaves

The Continuous Monitoring and Diagnostics initiative involves data consolidation and collaboration from complex, diverse ecosystems of information. The ability to securely combine and aggregate this information for analysis is essential to ensure that the privacy considerations of the data itself are kept within the ‘enclaves’ of expected collaboration. Forum Sentry API Security Gateway provides the ability to function at the border areas of information exchange to dynamically encrypt data and securely transmit data to the designated locations using the designated security based on the identity context of the information itself. This dynamic ability to have rules that act on traffic at TCP Layer 4-7, with policy rules dynamically applied based on identity and message criteria, simplifies the data consolidation and information assurance within the privacy of the collaboration enclaves.

 

CDM Phase 3 – End State

CDM requires implementing a collaboration network architecture that enables data exchange among the tools involved in capturing the data from various sources to use for CDM correlation and aggregated analysis. Creating a secure ecosystem requires embracing FIPS 140-2 and NDPP secure gateway technology, which provides a rules-based approach of Layer 7 deep-context awareness for information assurance and granular privacy and security. Dynamic identity and security rules applied at the data borders provide a sophisticated level of information context far beyond traditional Tier 0 network components.


 

A gateway approach as a central theme for CDM implementation removes the complexities associated with end-point based solutions that use disparate tools and technologies. Aggregating information securely, consistently, and at highly scalable speeds, with specific privacy controls at the information border exchanges, ensures only the target correlation points have the privileges to access the data. Interoperability is simplified through architecture design of the gateway mediation layer.

Forum Sentry API Security Gateway

- FIPS 140-2 and NDPP Secure OS and Architecture
- Over 100 built-in messaging standards
- Built-in Identity, Security, and Integration
- Built-in Monitoring and Analytics
- Built-in Cloud Brokering
- Built-in policy automation and auto-provisioning