Cyber QSMO Services


Below is a list of initial service offerings, grouped by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) category. Browse the list to find a service and get connected with federal shared service providers to acquire a service. Please visit the Cyber QSMO Marketplace again as we continue to onboard and validate additional services.

Anomalies and Events

Services that detect anomalous activity and help understand the potential impact of events.


Business Environment

Services that enable understanding and prioritization of an organization's mission, objectives, stakeholders, and activities to inform cybersecurity roles, responsibilities, and risk management decisions.


Data Security

Services that help manage information and records (i.e., data) consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.


Governance

Services that support the creation, development, and standardization of policies, procedures, and processes to manage and monitor cybersecurity risks.


Identity Management and Access Control

Services that help limit and manage access to physical and logical assets and associated facilities to authorized users, processes, and devices, consistent with the assessed risk of unauthorized access to authorized activities and transactions.


Information Protection Processes and Procedures

Services that help maintain and use security policies (i.e., addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures to manage the protection of information systems and assets.


Mitigation

Services that help prevent expansion of an event, mitigate its effects, and resolve the incident.


Recovery Planning

Services that help execute and maintain recovery processes and procedures to ensure restoration of systems or assets affected by cybersecurity incidents.


Risk Assessment

Services and tools that support the agency's assessment of cybersecurity risks. Risk assessments help the agency to understand the cybersecurity risks to the agency's operations (i.e., mission, functions, image, or reputation), organizational assets, and individuals.


Risk Management Strategy

Services that support the agency's development of a cybersecurity risk management strategy. Risk management strategy services help establish and use the organization's priorities, constraints, risk tolerances, and assumptions to prioritize and implement risk-based decisions.


Security Continuous Monitoring

Services that help monitor information systems and assets to identify cybersecurity events and verify the effectiveness of protective measures.

 

Last Updated Date: November 4, 2020

Was this document helpful?  Yes  |  Somewhat  |  No