Address DHS CDM Phase 2 for Credentials and Authentication
Congress established the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program to provide pre-evaluated, risk-based, and cost-effective cybersecurity and to allocate cybersecurity resources more efficiently. The CDM program helps protect government IT networks from cybersecurity threats and enhances risk-based decision making.
Centrify Server Suite is the selected solution for CDM Phase 2 CRED. It ensures that all federal agency associates have access only to the servers, applications or network resources that match their unique role and responsibility within their organization.
Centrify Server Suite for Phase 2 CRED
Phase 2 CRED Requirement
Centrify Server Suite Capability
Active Directory: The primary identity store for all Agencies is MS Active Directory with a full span of control encompassing accounts, networks, devices, and applications.
PIV Authentication Everywhere: Agency users’ primary credentials are PIV-based for both system authentication (login) and authorization (privilege elevation) while preventing password-based authentication.
Separation of Duties: Consolidate user accounts and groups into Active Directory and enforce separation of administrative duties.
Least Privileged Access: Accounts and credentials are securely used and managed in dependent systems so that all authorized users have only the level of access necessary to perform their specific job duties.
The CDM Tools blanket purchase agreement (BPA) allows federal departments and agencies, state, local, regional, and tribal governments, as well as other authorized organizations, to procure cyber tools, implementation services and support without unplanned budgetary expense. These products have undergone thorough technical capability reviews to ensure they meet the functional areas of the CDM Program and the standards required for government-wide implementation.