Federal Compliance

Address DHS CDM Phase 2 for Credentials and Authentication

Congress established the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program to provide pre-evaluated, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources. The CDM program helps protect government IT networks from cybersecurity threats and enhances risk-based decision making.

Centrify Infrastructure Services is the selected solution for CDM Phase 2 CRED that ensures all federal agency associates only have access to servers, applications or network resources based on their unique role and responsibility within their organization.

Centrify Server Suite for Phase 2 CRED
Phase 2 CRED Requirement Centrify Server Suite Capability
Active Directory: The primary identity store for all Agencies is MS Active Directory with a full span of control encompassing accounts, networks, devices, and applications. Identity Consolidation and Active Directory Bridge
PIV Authentication Everywhere: Agency users’ primary credentials are PIV-based for both system authentication (login) and authorization (privilege elevation) while preventing password-based authentication.  
Separation of Duties: Consolidate user accounts and groups into Active Directory and enforce separation of administrative duties. Centralized Identity and Access Management
Least Privileged Access: Account and credentials to be securely used and managed in dependent systems such that all authorized users only have the proper level of access necessary to perform their specific job duties. Role-based Access Control
Privilege Elevation Management: Eliminate the problem of too many users having too broad and unmanaged administrative power. Privilege Elevation Management
Session Auditing and Recording: Mitigate insider threats and meet compliance requirements with full audit trails and session capture of privileged user activity on Windows, Linux and UNIX servers. Auditing and Reporting
Quick Win for your Agency

The CDM Tools blanket purchase agreement (BPA) allows federal departments and agencies, state, local, regional, and tribal governments, as well as other authorized organizations to procure cyber tools, implementation services and support ­—without unplanned budgetary expense — that have undergone thorough technical capability reviews to ensure the products meet the functional areas of the CDM Program, and the standards required for government-wide implementation.