The Cybersecurity and Infrastructure Agency is trying to lighten the ever-increasing load of policy mandates, laws and cyber threats agencies must deal with every day. From the zero trust strategy to the cybersecurity executive order, to the vulnerabilities like Log4j and the latest on five different VMware products, agency chief information security officers probably feel like they are swimming upstream most of the time. But after almost a decade of work, the continuous diagnostic and mitigation (CDM) program from CISA is providing more data, more analysis and more general and specific knowledge. Richard Grabowski, the acting program manager of the CDM program at CISA, joined Jason Miller on this week’s Ask the CIO to talk more.