CybrIQ for government · CDM HWAM
Last reviewed: 2026-05-12. CISA CDM data-exchange guidance and HWAM schema updates are tracked continuously.
Continuous Diagnostics & Mitigation

CDM HWAM was built for managed IT. The unmanaged half of the network is where the audit findings live.

The CISA Continuous Diagnostics and Mitigation program produces a continuously updated view of agency hardware. The data feed works well for assets the agency provisioned, configured, and tagged. It does not work well for printers, cameras, lab equipment, building systems, contractor-provided devices, and the long tail of hardware that arrives on agency networks through side channels.

What HWAM covers — and what it doesn't

The Hardware Asset Management capability (HWAM) within CDM consumes data from agency-managed sources: endpoint management tools, IT service management systems, and configuration management databases. Each of those produces high-fidelity data for the assets it manages. None produces high-fidelity data for assets it doesn't.

Coverage comparison: existing CDM HWAM data feeds reach roughly half of the network device population — laptops, workstations, servers, and agent-instrumented endpoints. CybrIQ identifies the other half from switch-side signals — OT, lab equipment, building systems, printers, cameras, AV codecs, contractor and tenant-agency devices, and covered telecom hardware — feeding the same CDM dashboard.

Inspector General audits of CDM completeness across cabinet departments have consistently identified the same gap: agencies report 90%+ HWAM coverage of managed IT and far less coverage of the network's actual device population. The recurring named categories:

  • Operational technology and lab equipment. Sensor gateways, environmental monitoring, test bench instrumentation, protocol converters, programmable logic controllers. Acquired outside the IT path, deployed without endpoint agents.
  • Building systems. HVAC controllers, badge readers, parking systems, surveillance cameras, building-management consoles. Typically delivered by integrators as turnkey racks.
  • Conference-room and AV gear. Codecs, displays, microphones, room controllers, soundbars, presentation switches. Each carries a network interface; few are in the CDM data feed.
  • Printers and multifunction devices. Often touched by managed-print services contracts and not by the agency's HWAM tooling.
  • Contractor and tenant-agency equipment. Field offices, task-order contractors, co-located organizations, and equipment brought to the LAN under shared-tenancy arrangements.

How CybrIQ supports HWAM completeness

A switch-derived inventory that fills the gap

CybrIQ does not replace the agency's existing HWAM data sources. It supplies an independent inventory — built from switch-side signals on every managed switch in the environment — that catches the unmanaged half of the network. The output integrates with the CDM data feed and the ZTMM Devices pillar through syslog (RFC 5424) and REST.

The output is named and structured the way HWAM expects: hardware identifier, MAC, switch port location, VLAN, vendor identification, model class, last-seen timestamp, and a confidence score from the 750-million-device reference library. The agency's CDM dashboard sees additional devices appear with the right metadata fields populated.

What CybrIQ supports compliance with

  • CDM HWAM capability — Hardware Asset Management completeness for unmanaged and OT-adjacent devices.
  • NIST SP 800-53 Rev. 5 — CM-8 (System Component Inventory), CM-8(2) (Automated Maintenance), CM-8(3) (Automated Unauthorized-Component Detection).
  • NIST SP 800-137 — Information Security Continuous Monitoring (ISCM), specifically the hardware-asset feed.
  • OMB M-19-03 — Strengthening Federal Cybersecurity Risk Management. CDM data-quality expectations.
  • EO 14028 — Modernizing federal cybersecurity, asset discovery requirements.

Forwardable

CDM HWAM gap self-assessment — a 15-minute exercise across the six device categories IG audits keep finding gaps in. Useful before any vendor briefing (including ours).

Deployment posture

  • No new agents. CybrIQ does not place endpoint agents on the OT or unmanaged devices CDM HWAM cannot reach. The data comes from the switches the agency already operates.
  • Read-only switch access. SNMP read-only permissions only. No SNMP write. No SPAN, no mirror, no inline tap, no packet inspection.
  • CDM-friendly output. Syslog (RFC 5424) and REST. Field names align with HWAM expectations. The CDM dashboard simply sees more rows with the right metadata.
  • Air-gap capable. Reference library updates ship as signed offline packages for SCIF and disconnected environments.

Schedule a CDM HWAM briefing

A 30-minute session: we walk the HWAM completeness gap against your environment, the IG findings in your sector, and the integration with your existing CDM data feed.
