By Chris Riotta Jun 09, 2021 Setbacks and multiple delays have hampered the Department of Homeland Security in its efforts to build and implement a Continuous Diagnostics and Mitigation (CDM) program, according to an audit conducted by the department's inspector general. The IG report published last week identified vulnerabilities which it said left the department vulnerable to cybersecurity attacks after DHS failed to clearly define patch management responsibilities and implement required configuration settings. DHS spent $180 million between 2013 and 2020 to design and build a CDM program, yet the report found the department had "not yet strengthened its cybersecurity posture" by implementing a department-wide continuous monitoring solution. The audit was conducted between August 2019 and August 2020.