Below is a list of initial service offerings, grouped by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) category. Browse the list to find a service and get connected with federal shared service providers to acquire a service. Please visit the Cyber QSMO Marketplace again as we continue to onboard and validate additional services.
Services that detect anomalous activity and help understand the potential impact of events.
Services and tools that allow the agency to track hardware and software assets throughout the enterprise, including the asset's physical location and configuration.
Services that provide cybersecurity awareness education to the organization’s personnel and partners, and train them to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.
Services that enable understanding and prioritization of an organization's mission, objectives, stakeholders, and activities to inform cybersecurity roles, responsibilities, and risk management decisions.
Services that help manage information and records (i.e., data) consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
Services that help monitor the information system and assets to identify cybersecurity events and verify the effectiveness of protective measures.
Services that support the creation, development, and standardization of policies, procedures, and processes to manage and monitor cybersecurity risks.
Services that help limit and manage access to physical and logical assets and associated facilities to authorized users, processes, and devices, consistent with the assessed risk of unauthorized access to authorized activities and transactions.
Services that help maintain and use security policies (i.e., addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures to manage the protection of information systems and assets.
Services that help prevent expansion of an event, mitigate its effects, and resolve the incident.
Services that help manage technical security solutions to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
Services that help execute and maintain recovery processes and procedures to ensure restoration of systems or assets affected by cybersecurity incidents.
Services and tools that support the agency's assessment of cybersecurity risks. Risk assessments help the agency to understand the cybersecurity risks to the agency's operations (i.e., mission, functions, image, or reputation), organizational assets, and individuals.
Services that support the agency's development of a cybersecurity risk management strategy. Risk management strategy services help establish and use the organization's priorities, constraints, risk tolerances, and assumptions to prioritize and implement risk-based decisions.
Services that help monitor information systems and assets to identify cybersecurity events and verify the effectiveness of protective measures.
Services and tools that help establish an organization's priorities, constraints, risk tolerances and assumptions, and support risk decisions associated with managing supply chain risk.