Skip Navigation
  • Overview

    The Continuous Diagnostics and Mitigation (CDM) program is designed to assess and mitigate cyber security threats across U.S. Federal civilian agencies. The program consists of four phases that address what is on the network (phase 1), who is on the network (phase 2), what is happening on the network (phase 3), and how is data protected (phase 4). 

    With phases 1 and 2 complete, civilian agencies now have identified the assets and users on their networks, attached continuous monitoring sensors to said assets, and aligned users’ privileges and credentials to appropriate resources. Phase 3 builds upon its predecessors and contains requirements focusing on how the network is protected. In particular, the Boundary Protection and Event Management (BOUND) tool functional area (TFA) is intended to diminish inappropriate access to data, systems and networks. The requirements contain three components: BOUND-F (filtering technology), BOUND-E (encryption), and BOUND-P (physical access protection). The BOUND requirements detail the most effective methods to protect sensitive data-at-rest and in-motion via encryption and key management.

    Phase 3 also addresses what is happening on the network and details event management requirements, and operate, monitor and improve requirements. This includes preparedness and response to contingencies and incidents (TFA 10 and 11) as well as the management of audit information (TFA 14).

    Thales TCT  Encryption and Key Management Solutions for CDM

    Thales TCT offers encryption and key management solutions that deliver the same level of security whether deployed in enterprise, tactical or cloud environments. Our solutions enable agencies to meet their CDM requirements while investing in a solution that provides robust security, a growing ecosystem, and the scalability needed to build a trusted framework for the future. Our solutions have a U.S. supply chain and can be deployed in any environment and easily integrate into an existing cyber security infrastructure. SafeNet AT’s encryption and key management solutions have received CDM Approved Product List (CDM APL) approval to address phase 3 and phase 4 requirements.

    For a full list of the phase 3 requirements that Thales TCT addresses, download our CDM solution brief.

  • CDM APL Solutions

    Thales TCT Encryption and Key Management Solutions for CDM

    KeySecure for Government

    KeySecure for Government manages cryptographic keys and associated policies for a broad range of data-at-rest encryption solutions including a suite of data protection products and numerous third-party encryption solutions. KeySecure for Government is available in three platforms designed for deployment across physical, virtual, and public cloud environments. 

    Both hardware platforms support a hardware root of trust utilizing a FIPS 140-2 Level 3 hardware security module. The virtual platform supports a FIPS 140-2 Level 1 root of trust or a FIPS 140-2 Level 3 network-attached hardware security module (HSM).

    Data-at-Rest Encryption Solutions

    Thales TCT’s data-at-rest encryption solutions deliver granular encryption and role-based access control for structured and unstructured data residing in databases, applications, files, and storage containers. These solutions integrate with KeySecure for Government, a FIPS 140-2 validated key manager, to provide centralized administration of all keys and policies.
    • ProtectApp: Encrypt sensitive field and application data at the point of creation
    • ProtectDB: Protect sensitive data across databases in the data center and the cloud
    • ProtectFile: Encrypt the data in and control access to sensitive folders and files

    High Speed Encryption Solutions*

    Thales TCT’s High Speed Encryption solutions provide agencies with a single platform to ‘encrypt everywhere’— from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud.  These solutions offer powerful safeguards for data in motion, delivering Layer 2 encryption capabilities that provide security without compromise, as well as maximum throughput and minimal latency.

    *CDM APL approval pending

    For a full list of the phase 3 requirements that Thales TCT addresses, download our CDM solution brief.

  • Resources
    Thales TCT Solutions for Continuous Diagnostics and Mitigation
    CDM overview mapping Thales TCT solutions to specific CDM requirements

    Download Now

    Continuous Diagnostics and Mitigation: Data Protection & Assurance
    Acknowledging that cyber security is a monumental task, CDM has taken a structured approach by defining four phases that enable agencies to fold in different aspects of cyber security over time. The program begins with dashboards at both the federal and the agency/department level. The program then deploys sensors throughout the network infrastructure that address different strategic questions associated with network security

    Download Now


This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.