Health & Human Services (HHS) - a Shared Service Provider

Organizationally, the U.S. Department of Health and Human Services (HHS) Enterprise Security Services (ESS) sits within the HHS Office of the Chief Information Officer and the Office of the Chief Information Security Officer. ESS provides information security services offerings across the HHS Enterprise including its Operating Divisions (i.e., National Institute of Health, Center for Medicare & Medicaid Services, Administration for Children and Families, Food & Drug Administration).

 Please see the list of Services and Service Providers below for a list of initial cybersecurity services offered on the Cyber Marketplace. Validated service offerings are indicated with a green checkmark 


Account Management 

Analysis & Detection 

Business Impact Analysis (BIA) System Security 

Enterprise Performance Life Cycle (EPLC) Compliance 

Federal Information Processing Standards (FIPS) 199 Categorization 

Information System Security Manager and Information System Security Officer (ISSO) Oversight and Coordination 

Information System Security Officer (ISSO) Assessment & Authorization (A&A) Support  

Information System Security Officer (ISSO) Configuration Management Planning 

Information System Security Officer (ISSO) Contingency Planning 

Information System Security Officer (ISSO) Continuous Monitoring 

Information System Security Officer (ISSO) Incident Management Planning & Response 

Information System Security Officer (ISSO) Plan of Action and Milestones (POA&M) Management 

Information System Security Officer (ISSO) Risk Management Framework (RMF) Practices Support 

Information System Security Officer (ISSO) Security Guidance & Analysis 

Information System Security Officer (ISSO) Systems Re-Authorization 

Risk Management Framework (RMF) Lifecycle Services 

Security Assessment Reporting 

Security Consultation Services (SCS) Assessment & Authorization (A&A) Support 

Security Consultation Services (SCS) Configuration Management Planning 

Security Consultation Services (SCS) Contingency Planning 

Security Consultation Services (SCS) Continuous Monitoring 

Security Consultation Services (SCS) Incident Management Planning & Response 

Security Consultation Services (SCS) Plan of Action and Milestones (POA&M) Management 

Security Consultation Services (SCS) Risk Management Framework (RMF) Practices Support 

Security Consultation Services (SCS) Security Guidance & Analysis 

Security Consultation Services (SCS) Systems Re-Authorization 

Security Controls Assessment 

Security Monitoring 

System Security Management 

Technical Vulnerabilities Assessment 

Vulnerability & Specialized Vulnerability Scanning 


For additional information, please visit our website:

For inquiries about ESS offered services or if interested in purchasing services, please contact us at