Cyber QSMO Marketplace

Welcome to CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace. This Marketplace is an online platform for acquiring high-quality, cost-efficient cybersecurity services. The Cyber QSMO centralizes, standardizes, and markets cybersecurity services on this platform, helping reduce the time and cost involved in sourcing and maintaining cybersecurity solutions across the federal civilian enterprise.

The Marketplace offers priority CISA services to help agencies manage cyber risk. In addition to CISA-offered solutions, the Cyber QSMO also partners with federal service providers to offer additional cybersecurity services that will meet or exceed government standards and requirements. This helps ensure that agencies receive best-in-class services for the best cost.

Looking Ahead: Plans are underway to expand services offered on the Cyber QSMO Marketplace. In fiscal year 2021, the Marketplace will feature the following CISA services, which the Office of Management and Budget (OMB) has specifically prioritized to enhance cyber resiliency across the federal civilian enterprise.

Vulnerability Disclosure Policy (VDP) Platform

CISACISA’s VDP Platform helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The VDP Platform serves as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by the public (i.e., ethical hackers). The VDP Platform enhances information sharing across the federal enterprise by improving how agencies track, analyze, report, manage, and communicate potential vulnerabilities. Ultimately, the VDP Platform enables agencies to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.


Security Operations Services

DOJCISA partners with the U.S. Department of Justice (DOJ) to offer a full spectrum of Security Operations Services, built on cybersecurity best practices, to provide agencies with intelligence-led, expert driven, 24x7 threat detection, hunting, and incident response services. This suite of services improves enterprise wide visibility into cyber vulnerabilities, incident discovery, and information sharing within the Federal Civilian Executive Branch (FCEB).

DOJ offers 23 cybersecurity services on the QSMO Marketplace, as listed below. Services are grouped by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) category.

Asset Management

  • Security Posture Dashboard Report (SPDR) and Risk Scoring Validated Service

Awareness and Training

  • Anti-Phishing Training Program Support Validated Service

Detection Processes

  • Security Operations Center (SOC) Optimization Advisory Service Validated Service


  • Cybersecurity Policy Support Validated Service

Information Protection Processes and Procedures

  • Process Improvement Advisory Service Validated Service
  • Security Architecture and Engineering Service Validated Service
  • Enterprise Program Management Advisory Service Validated Service

Protective Technology

  • Custom Solutions / Security Software Development Service Validated Service
  • Justice Cloud-Optimized Trusted Internet Connection Service (JCOTS) Validated Service

Risk Assessment

  • Cyber Security Assessment and Management (CSAM) Validated Service
  • Cyber Security Assessment and Management (CSAM) Advisory Services Validated Service
  • Cyber Threat Intelligence Validated Service
  • High Value Asset (HVA) Assessment 
  • Independent Security Control Assessments Validated Service
  • Information System Security Officer (ISSO) Services - Assessment and Authorization (A&A) Support Validated Service
  • Information System Security Officer (ISSO) Services - Continuous Monitoring Validated Service
  • Penetration Testing Validated Service

Security Continuous Monitoring

  • Cyber Threat Hunt Assessment Validated Service
  • Security Operations Center as a Service (SOCaaS) Validated Service
  • Vulnerability Management - Vulnerability Scanning, Analysis, and Reporting Validated Service

Supply Chain Risk Management

  • Supply Chain Risk Assessments Validated Service
  • Supply Chain Risk Management (SCRM) Program Management and Advisory Support Validated Service
  • Supply Chain Threat Intelligence Validated Service


Protective Domain Name System (DNS) Resolver Service (New Updates!)


The Protective DNS Resolver is a successor to the DNS protection capability of EINSTEIN 3 Accelerated (E3A), which allows CISA to detect and prevent cyberattacks targeting Federal Civilian Executive Branch (FCEB) agency networks. The Protective DNS Resolver Service also offers an additional broad range of capabilities that safeguard those assets previously challenging to protect, such as cloud, mobile and nomadic devices. CISA is proud to provide this high-performing cyber service to agencies as part of its mission to secure federal networks and enhance the U.S. Government’s cybersecurity posture.

For more information about this and other shared services, FCEB agencies may contact  


Cybersecurity Services on the Marketplace: Select the “Services” and “Service Providers” links below for a list of initial cybersecurity services offered on CISA’s Cyber QSMO Marketplace and a list of our service provider partners, respectively. The Cyber QSMO formally validates services using an iterative validation process to ensure a service offering meets government recognized performance standards and requirements. Validated service offerings are indicated with a green checkmark Validated Service. For federal enterprise transparency we provide for agencies’ reference, a listing of additional current Federal Shared Service Providers that: 1) Do not currently align to a formal OMB designated area and 2) Have not yet been approved by the Cyber QSMO.


Service Providers

Have a Question? The Cyber QSMO is here to support your cybersecurity solutions needs and we want to hear from you. If you have a question about the Cyber QSMO and shared cyber services offered on the Marketplace, or are interested in becoming a federal shared service provider, please contact us at

Last Updated Date: October 21, 2022

Was this webpage helpful?  Yes  |  Somewhat  |  No