Get a Break from the Chaos of RSA and Meet with Forcepoint at the St. Regis.


Forcepoint Survey Explores Impact of Federal CDM Program

Rachael Lyon
October 23, 2018, 8:00 am CDT
  • Majority believes in effectiveness of CDM Program, but senior IT staff are more optimistic
  • System compatibility and risk-adaptive security are top priorities for CDM Program

AUSTIN, TX – Oct. 23, 2018 – Global cybersecurity leader Forcepoint today announced the results of its Federal CDM Survey, which explores how the Continuous Diagnostics & Mitigation (CDM) Program is tracking against the goal of providing more effective cybersecurity solutions for government agencies. Respondents were asked to comment on the current state of CDM in their agency, share their impressions, desired outcomes and pain points related to the program.

The findings of this report are based on a survey fielded in August 2018 by independent research firm Market Connections, which yielded responses from more than 200 federal civilian IT decision makers in the United States.

Key Findings

CDM Perspectives Differ between Managers and Implementers

  • When asked to rate the effectiveness of the current implementation of CDM in their agency or department, managers and directors were almost three times as likely to describe CDM as very or somewhat effective (88%) as compared to implementers. (31%)
  • When asked to evaluate what they believe the effectiveness of the CDM program will be once all CDM phases are rolled out, the gap closed somewhat. Fifty-four percent of implementers thought the program would be very or somewhat effective compared to 88 percent of managers and directors.


The Most Important CDM Priorities are Compatibility and Risk-Adaptive Security


  • Compatibility with existing systems is of utmost importance, followed by risk-adaptive security, with both aspects seen as extremely or very important by more than one-half of respondents.
  • Concern over insufficient compatibility of CDM tools with existing systems is listed as a potential or very big problem by 92 percent of respondents.
  • Ninety-one percent also worry that the CDM Program limits the use of the latest technology.


Government IT Teams Want the CDM Program to Deliver Faster Response Time for Attacks and a Proactive Approach to Security Threats Above All


  • When asked to rank the results of the CDM program, respondents selected faster response to attacks (59%), a more proactive approach to security threats (58%) and enhanced security (56%) as their preferred outcomes.
  • Managers and directors were even more likely to rate these outcomes as extremely or very important.


The CDM Program was designed to help government teams identify and prioritize cybersecurity risks and enable cyber personnel to quickly mitigate these problems. Given concerns about compatibility of CDM-approved tools with legacy systems, savvy government CISOs and CIOs will leverage the CDM program to modernize their overall infrastructure. The survey results also point to a clear need to address the difference in perspectives between managers and implementers. For agencies to see the full benefit of the CDM Program, there needs to be stronger alignment and agreement about both the benefits and challenges associated with the Program.

“Government is starting to see the fruits of its labor with CDM implementations, and significant positive changes have been made in DEFEND based on experiences in the early phases of the program,” said Eric Trexler, vice president, Global Governments and Critical Infrastructure at Forcepoint. “The work is far from done. As agencies advance along this journey, teams are facing numerous obstacles from training and data protection to system compatibility. Nevertheless, teams are optimistic and nearly two-thirds of respondents anticipate that the CDM Program will be very or somewhat effective when the rollout at their agency is complete.”

Additional Resources


About Forcepoint
Forcepoint is the global human-centric cybersecurity company transforming the digital enterprise by continuously adapting security response to the dynamic risk posed by individual users and machines. The Forcepoint Human Point system delivers Risk-Adaptive Protection to continuously ensure trusted use of data and systems. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.