Department of Transportation - a Shared Service Provider

The Enterprise Services Center (ESC) is a federal organization within the U.S. Department of Transportation’s (DOT) Federal Aviation Administration (FAA). ESC also operates as a service provider under the Financial QSMO, and offers fully managed IT service offerings to include IT hosting, system/database/application administration, and software development.

ESC provides Cybersecurity, Financial Services, and IT managed services to a multitude of Cabinet-level, Large, Small, and Micro agencies across the Federal Government. ESC may provide services to any federal organization along with other governmental entities on a case-by-case basis.

ESC’s Cybersecurity Shared Services Center provides a variety of Independent Assessment, Vulnerability Scanning/Penetration Testing, and Cybersecurity Support services to federal agencies.

The Cyber QSMO formally validates services using an iterative validation process to ensure a service offering meets government recognized performance standards and requirements.

Please see the list of Services and Service Providers below for a list of initial cybersecurity services offered on the Cyber Marketplace. Validated service offerings are indicated with a green checkmark 


  • Creation/Maintenance of Security Documentation and/or Procedures 
  • Interface Memorandum of Understanding / Interconnection Security Agreement Negotiations & Documentation 
  • Access Control Policies/Procedures Consultation & Documentation 
  • Audit Log Monitoring Processes/Procedures Consultation & Documentation 
  • Incident Response Planning & Testing Strategies Consultation & Documentation 
  • Physical Security Protections Consultation & Documentation 
  • Privacy Data Handling Policies/Procedures Consultation & Documentation 
  • Disaster Recovery Consultation, Documentation, & Testing 
  • Database Vulnerability Scanning 
  • Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) Assessment of Cloud Environments 
  • Independent Assessments in Support of Systems Continuous Monitoring 
  • Independent Verification & Validation (IV&V) of Mitigation Activities 
  • Initial Independent Assessment in Support of Assessment & Authorization (A&A) 
  • Penetration Testing 
  • Phishing Vulnerability Scanning 
  • Wireless Network Vulnerability Scanning 
  • Information System Security Officer (ISSO) Services 
  • Risk Management Framework (RMF) Lifecycle Consultation 


For additional information, please visit their website:

For inquiries about ESC offered services or if interested in purchasing services, please contact us at