Continuous Monitoring and Risk Scoring Program Overview

This document is a technical report detailing the Continuous Monitoring and Risk Scoring (CMRS) program implemented by the Department of Defense (DoD). The CMRS program aims to provide cybersecurity oversight across all DoD-owned and leased computers and networks by aggregating endpoint data required by the DoD Chief Information Officer (CIO). It addresses the challenges of maintaining an accurate asset inventory for millions of endpoints distributed globally. The report outlines how the Tanium CMRS Service (TCS) solution enhances this capability by offering near-real-time data reporting, which is crucial for informed decision-making. The TCS solution is designed to streamline compliance reporting and consolidate endpoint data collection, thereby reducing reliance on multiple point solutions that may provide outdated information. Furthermore, it emphasizes the importance of meeting DoD compliance and regulatory standards, including the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Scorecard requirements, to ensure a robust cybersecurity posture across the organization.