Department of Transportation - a Shared Service Provider

The Enterprise Services Center (ESC) is a federal organization within the U.S. Department of Transportation’s (DOT) Federal Aviation Administration (FAA). ESC also operates as a service provider under the Financial QSMO, and offers fully managed IT service offerings to include IT hosting, system/database/application administration, and software development.

ESC provides Cybersecurity, Financial Services, and IT managed services to a multitude of Cabinet-level, Large, Small, and Micro agencies across the Federal Government. ESC may provide services to any federal organization along with other governmental entities on a case-by-case basis.

ESC’s Cybersecurity Shared Services Center provides a variety of Independent Assessment, Vulnerability Scanning/Penetration Testing, and Cybersecurity Support services to federal agencies.

The Cyber QSMO formally validates services using an iterative validation process to ensure a service offering meets government recognized performance standards and requirements.

Please see the list of Services and Service Providers below for a list of initial cybersecurity services offered on the Cyber Marketplace. Validated service offerings are indicated with a green checkmark Validated Service


  • Creation/Maintenance of Security Documentation and/or Procedures Validated Service
  • Interface Memorandum of Understanding / Interconnection Security Agreement Negotiations & Documentation Validated Service
  • Access Control Policies/Procedures Consultation & Documentation Validated Service
  • Audit Log Monitoring Processes/Procedures Consultation & Documentation Validated Service
  • Incident Response Planning & Testing Strategies Consultation & Documentation Validated Service
  • Physical Security Protections Consultation & Documentation Validated Service
  • Privacy Data Handling Policies/Procedures Consultation & Documentation Validated Service
  • Disaster Recovery Consultation, Documentation, & Testing Validated Service
  • Database Vulnerability Scanning Validated Service
  • Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) Assessment of Cloud Environments Validated Service
  • Independent Assessments in Support of Systems Continuous Monitoring Validated Service
  • Independent Verification & Validation (IV&V) of Mitigation Activities Validated Service
  • Initial Independent Assessment in Support of Assessment & Authorization (A&A) Validated Service
  • Penetration Testing Validated Service
  • Phishing Vulnerability Scanning Validated Service
  • Wireless Network Vulnerability Scanning Validated Service
  • Information System Security Officer (ISSO) Services Validated Service
  • Risk Management Framework (RMF) Lifecycle Consultation Validated Service


For additional information, please visit their website:

For inquiries about ESC offered services or if interested in purchasing services, please contact us at