The Cybersecurity and Infrastructure Agency (CISA) provides federal, state, and local government agencies with tools to rapidly identify and respond to cybersecurity risks through the Continuous Diagnostics and Mitigation (CDM) program. H.R. 4237 would codify that program.
H.R. 4237 also would require CISA to report to the Congress on the implementation of the program and the effectiveness of CDM. On the basis of information from CISA about similar reporting requirements, CBO estimates that implementing H.R. 4237 would cost less than $500,000 over the 2020-2024 period; such spending would be subject to the availability of appropriations.