Welcome to CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace. This Marketplace is an online platform for acquiring high-quality, cost-efficient cybersecurity services. The Cyber QSMO centralizes, standardizes, and markets cybersecurity services on this platform, helping reduce the time and cost involved in sourcing and maintaining cybersecurity solutions across the federal civilian enterprise.
The Marketplace offers priority CISA services to help agencies manage cyber risk. In addition to CISA-offered solutions, the Cyber QSMO also partners with federal service providers to offer additional cybersecurity services that will meet or exceed government standards and requirements. This helps ensure that agencies receive best-in-class services for the best cost.
Looking Ahead: Plans are underway to expand services offered on the Cyber QSMO Marketplace. In fiscal year 2021, the Marketplace will feature the following CISA services, which the Office of Management and Budget (OMB) has specifically prioritized to enhance cyber resiliency across the federal civilian enterprise.
Vulnerability Disclosure Platform
CISA’s Vulnerability Disclosure Platform (Platform) helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The Platform serves as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by the public (i.e., ethical hackers). The Platform enhances information sharing across the federal enterprise by improving how agencies track, analyze, report, manage, and communicate potential vulnerabilities. Ultimately, the Platform enables agencies to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.
Security Operations Services
CISA has partnered with the U.S. Department of Justice (DOJ) to offer a full spectrum of Security Operations services, built on cybersecurity best practices, to provide agencies with intelligence-led, expert driven, 24x7 threat detection, hunting, and incident response services. This suite of services will improve enterprise wide visibility into cyber vulnerabilities, incident discovery, and information sharing within the federal civilian executive branch (FCEB).
Protective Domain Name System (DNS) Resolver Service
CISA’s protective DNS resolver (also known as DNS firewall) service neutralizes malicious DNS content used in cyberattacks using state-of-the-art DNS technologies and threat intelligence sources to secure query traffic, block government query traffic from reaching malicious domains, and alert security organizations within agencies when incidents occur. This service provides general name resolution services, supports modern DNS resolution protocols to protect data in transit, and overrides responses from public DNS records that threat intelligence sources identify as malicious.
Cybersecurity Services on the Marketplace: Click on the “Services” and “Service Providers” links below for a list of initial cybersecurity services offered on CISA’s Cyber QSMO Marketplace, as well as a list of our service provider partners. Additionally, we provide for agencies’ reference, a listing of additional current Federal Shared Service Providers that 1. Do not currently align to a formal OMB designated area and 2. Have not yet been approved by the Cyber QSMO.
Have a Question? The Cyber QSMO is here to support your cybersecurity solutions needs and we want to hear from you. If you have a question about the Cyber QSMO and shared cyber services offered on the Marketplace, or are interested in becoming a federal shared service provider, please contact us at QSMO@cisa.dhs.gov.