QSMO Services - Governance

Services that support the creation, development, and standardization of policies, procedures, and processes to manage and monitor cybersecurity risks. Select the services and agency provider logos below to contact service providers directly and learn more about how to obtain these services.

Creation/Maintenance of Security Documentation and/or Procedures

DOT: This service includes creating, updating, and/or consulting on information protection processes and procedures (based on National Institute of Standards and Technology (NIST) 800-53 and any other applicable federal guidance). This service yields the required documentation for a new or continuously monitored system to prepare for a security control assessment. Key deliverables include:

  • System Security Plans (SSP)
  • Audit log monitoring procedures
  • Account Management Plans (AMP)
  • Incident Response Plans (IRP)
  • Information System Contingency Plans (ISCP)

Cybersecurity Policy Support Validated Service

DOJ: DOJ assists customers in developing and maintaining information security and privacy policies based on the most recent guidance from legislation, executive orders, directives, policies, regulations, and other technical standards.



Enterprise Performance Life Cycle (EPLC) Compliance

HHS: EPLC Compliance ensures compliance from planning through the EPLC/System Development Life Cycle (SDLC) processes and procedures.



Interface Memorandum of Understanding/Interconnection Security Agreement Negotiations & Documentation

DOT: This service includes collaborative authorship of system-to-system interconnection agreements in accordance with National Institute of Standards and Technology (NIST) 800-47. Through guided discussions, this service helps federal organizations document the terms of an agreement that protect the interests of each party while concurrently meeting all applicable federal policies.


