“CISA is using the agency-wide adaptive risk enumeration algorithm, or AWARE algorithm, generated by its Continuous Diagnostics and Mitigation (CDM) program, to identify the severity of vulnerabilities in agency networks, and their persistence. CISA’s CDM Program Manager Kevin Cox explained the metric at an event in July.”
“’The idea that we’re really aiming for with our AWARE algorithm is to be able to start to quantify the aggregate number of opportunities for an adversary, and help those agencies see that, so that they can see where they need to focus their efforts and reduce their attack surface,’ he said.”
“And while 18 of the 24 CFO Act agencies were reporting their CDM program data up to the Federal dashboard in July, the reliability of that is still being improved. The agency had hoped all 24 CFO Act agencies would have reliable asset AWARE score by the end of September, according to its Fiscal Year 2020 target. Instead less than a quarter of the CFO Act agencies are on track to have a reliable AWARE score by the end of quarter four of the 2020 Fiscal Year, which ends on Sept. 30…” Read the full article here.
Source: CISA Expects ‘Handful’ of Agencies to Have Reliable AWARE Scores by Sept. 30 – By Dwight Weingarten, September 21, 2020. MeriTalk.