Welcome to CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace. This Marketplace is an online platform for acquiring high-quality, cost-efficient cybersecurity services. The Cyber QSMO centralizes, standardizes, and markets cybersecurity services on this platform, helping reduce the time and cost involved in sourcing and maintaining cybersecurity solutions.
The Marketplace offers priority CISA solutions to help agencies manage cyber risk. In addition to CISA-offered solutions, the Cyber QSMO also partners with federal service providers to offer additional cybersecurity services that will meet or exceed government standards and requirements. This helps ensure that agencies receive best-in-class services for the best cost.
Looking Ahead: Plans are underway to expand services offered on the Cyber QSMO Marketplace. In FY2021, the Marketplace will feature the following CISA services, which the Office of Management and Budget (OMB) has specifically prioritized to enhance cyber resiliency across the federal civilian enterprise.
Vulnerability Disclosure Platform
CISA’s Vulnerability Disclosure Platform (Platform) helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The Platform serves as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by the public (i.e., ethical hackers). The Platform enhances information sharing across the federal enterprise by improving how agencies track, analyze, report, manage, and communicate potential vulnerabilities. Ultimately, the Platform enables agencies to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.
Security Operations Services
CISA has partnered with the Department of Justice (DOJ) to offer a full spectrum of Security Operations services, built on cybersecurity best practices, to provide agencies with intelligence-led, expert driven, 24x7 threat detection, hunting, and incident response services. This suite of services will improve enterprise wide visibility into cyber vulnerabilities, incident discovery, and information sharing within the federal civilian executive branch (FCEB).
Protective Domain Name System (DNS) Resolver Service
CISA’s protective DNS resolver (also known as DNS firewall) service neutralizes malicious DNS content used in cyberattacks using state of the art DNS technologies and threat intelligence sources to secure query traffic, block government query traffic from reaching malicious domains, and alert security organizations within agencies when incidents occur. This service provides general name resolution services, supports modern DNS resolution protocols to protect data in transit, and overrides responses from public DNS records that threat intelligence sources identify as malicious.
The CISA Cybersecurity Standards Area Lead is finalizing standards and requirements, under the Federal Integrated Business Framework (FIBF) for designated Cyber QSMO service areas. The Cyber QSMO will leverage these standards and, as per OMB Memorandum 19-16, assess current federal cybersecurity shared service providers as potential designated federal shared service providers. The Cyber QSMO will periodically update this Marketplace to indicate when federal shared service providers have achieved final designation.
Have a Question? The Cyber QSMO is here to support your cybersecurity solutions needs and we want to hear from you. If you have a question about the Cyber QSMO and shared cyber services offered on the Marketplace, or are interested in becoming a federal shared service provider, please contact us at QSMO@cisa.dhs.gov.