DHS/ALL/PIA-082 Continuous Monitoring as a Service (CMaaS)

The Department of Homeland Security (DHS), Chief Information Security Office (CISO) is leading the DHS enterprise-wide deployment of Continuous Diagnostics and Mitigation (CDM) tools under the Continuous Monitoring as a Service (CMaaS) Program to support the agency-specific efforts to implement adequate, risk-based, and cost-effective cybersecurity across DHS. CMaaS provides continuous monitoring, diagnostics, and mitigation capabilities designed to strengthen the security posture of DHS and its Components, systems, and networks through the establishment of a suite of functionalities that enable network administrators to know the state of their respective networks at any given time. CMaaS further informs Chief Information Officers (CIO) and Chief Information Security Officers (CISO) on the relative risks of cybersecurity threats, and makes it possible for Department personnel to identify, prioritize, and mitigate vulnerabilities. This Privacy Impact Assessment (PIA) is being conducted to cover the first two phases of the program (Asset Management and Identity and Access Management) and addresses the privacy risks associated with the deployment and operation of the CDM Agency Dashboard. February 2020

Associated SORN(s):

• OPM/GOVT-1 General Personnel Records
• DHS/ALL-003 Department of Homeland Security General Training Records
• DHS/ALL-004 General Information Technology Access Account Records System (GITAARS)
• DHS/ALL-023 Department of Homeland Security Personnel Security Management
• DHS/ALL-026 Department of Homeland Security Personal Identity Verification Management System
• DHS/ALL-037 E-Authentication Records