As the Continuous Diagnostics and Mitigation (CDM) program matures, it requires a new way of thinking. While agencies will continue to buy tools to fill gaps in their defenses, they need to start thinking about how those tools fit into their larger cybersecurity strategy.