Welcome to CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace. This Marketplace is an online platform for acquiring high-quality, cost-efficient cybersecurity services. The Cyber QSMO centralizes, standardizes, and markets cybersecurity services on this platform, helping reduce the time and cost involved in sourcing and maintaining cybersecurity solutions across the federal civilian enterprise.
The Marketplace offers priority CISA services to help agencies manage cyber risk. In addition to CISA-offered solutions, the Cyber QSMO also partners with federal service providers to offer additional cybersecurity services that will meet or exceed government standards and requirements. This helps ensure that agencies receive best-in-class services for the best cost.
Looking Ahead: Plans are underway to expand services offered on the Cyber QSMO Marketplace. In fiscal year 2021, the Marketplace will feature the following CISA services, which the Office of Management and Budget (OMB) has specifically prioritized to enhance cyber resiliency across the federal civilian enterprise.
Vulnerability Disclosure Policy (VDP) Platform
CISA’s VDP Platform helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The VDP Platform serves as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by the public (i.e., ethical hackers). The VDP Platform enhances information sharing across the federal enterprise by improving how agencies track, analyze, report, manage, and communicate potential vulnerabilities. Ultimately, the VDP Platform enables agencies to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.
Security Operations Services
CISA partners with the U.S. Department of Justice (DOJ) to offer a full spectrum of Security Operations Services, built on cybersecurity best practices, to provide agencies with intelligence-led, expert driven, 24x7 threat detection, hunting, and incident response services. This suite of services improves enterprise wide visibility into cyber vulnerabilities, incident discovery, and information sharing within the Federal Civilian Executive Branch (FCEB).
DOJ offers 23 cybersecurity services on the QSMO Marketplace, as listed below. Services are grouped by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) category.
- Security Posture Dashboard Report (SPDR) and Risk Scoring
- Anti-Phishing Training Program Support
- Security Operations Center (SOC) Optimization Advisory Service
- Cybersecurity Policy Support
- Process Improvement Advisory Service
- Security Architecture and Engineering Service
- Enterprise Program Management Advisory Service
- Custom Solutions / Security Software Development Service
- Justice Cloud-Optimized Trusted Internet Connection Service (JCOTS)
- Cyber Security Assessment and Management (CSAM)
- Cyber Security Assessment and Management (CSAM) Advisory Services
- Cyber Threat Intelligence
- High Value Asset (HVA) Assessment
- Independent Security Control Assessments
- Information System Security Officer (ISSO) Services - Assessment and Authorization (A&A) Support
- Information System Security Officer (ISSO) Services - Continuous Monitoring
- Penetration Testing
- Cyber Threat Hunt Assessment
- Security Operations Center as a Service (SOCaaS)
- Vulnerability Management - Vulnerability Scanning, Analysis, and Reporting
- Supply Chain Risk Assessments
- Supply Chain Risk Management (SCRM) Program Management and Advisory Support
- Supply Chain Threat Intelligence
Protective Domain Name System (DNS) Resolver Service (New Updates!)
CISA’s Protective DNS Resolver (also known as DNS firewall) service neutralizes malicious DNS content used in cyberattacks using state-of-the-art DNS technologies and threat intelligence sources to secure query traffic, block government query traffic from reaching malicious domains, and alert security organizations within agencies when incidents occur. This service provides general name resolution services, supports modern DNS resolution protocols to protect data in transit, and overrides responses from public DNS records that threat intelligence sources identify as malicious.
May 12 Update:
On April 30, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) awarded the Protective Domain Name System (DNS) Resolver Service Task Order on the Alliant 2 Governmentwide Acquisition Contract (GWAC), in support of the Federal Civilian Executive Branch (FCEB) agencies. CISA is actively engaging with interested agencies willing to join the initial release of this CISA-funded, centrally managed service. Please reach out to QSMO@cisa.dhs.gov for more information. Stay tuned for updates as we press forward to deliver this critical service!
Cybersecurity Services on the Marketplace: Select the “Services” and “Service Providers” links below for a list of initial cybersecurity services offered on CISA’s Cyber QSMO Marketplace and a list of our service provider partners, respectively. The Cyber QSMO formally validates services using an iterative validation process to ensure a service offering meets government recognized performance standards and requirements. Validated service offerings are indicated with a green checkmark . For federal enterprise transparency we provide for agencies’ reference, a listing of additional current Federal Shared Service Providers that: 1) Do not currently align to a formal OMB designated area and 2) Have not yet been approved by the Cyber QSMO.
Have a Question? The Cyber QSMO is here to support your cybersecurity solutions needs and we want to hear from you. If you have a question about the Cyber QSMO and shared cyber services offered on the Marketplace, or are interested in becoming a federal shared service provider, please contact us at QSMO@cisa.dhs.gov.