This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how people and software work together to protect mission critical assets and to more effectively evaluate their cyber posture.
The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags by Software package down to executables.
- Understanding of what SWAM is
- Understand SWAM Actual State, Desired State, and Defect Checks
- Understand implementing SWAM
- Understand software risk management