CISA tapped as shared services provider for cyber

checking data (alphaspirit/  

The Office of Management and Budget formally designated the first shared services provider under its Quality Service Management Office (QSMO) program on April 27, naming the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency as the provider for cybersecurity services.

That means CISA will act as a storefront for cybersecurity shared services under the year-old policy that taps separate agencies to act as governmentwide leads in specific areas of practice.

CISA's QSMO will cover security operation center standardization, vulnerability management standardization and DNS resolution services, according to a statement from OMB.

"This is an important step in the path to modernization of the federal government," Federal CIO Suzette Kent said in a statement. "By designating CISA as QSMO for cyber services, the federal government will be able to leverage their expertise, contracts and solutions to offer a robust marketplace of cybersecurity capabilities that will benefit all agencies."

CISA's formal QSMO designation is the first under a plan unveiled last April by the Office of Management and Budget to optimize shared services across government and reduce duplicative back office functions.

The April 26, 2019, memo from acting OMB Director Russell Vought identified financial management, grants management, human resources and cybersecurity as shared services and named agencies to take the lead in each.

Treasury was named to handle financial management, Health and Human Services got grants management, the General Services Administration got human resources and cyber went to DHS.

"CISA's formal designation as the Cybersecurity Quality Service Management Office reinforces our core mission to safeguard the cybersecurity of the federal civilian enterprise," said Bryan Ware, CISA's assistant director for cybersecurity, in a statement.

CISA plans to leverage the agency's experience with programs such as Continuous Diagnostics and Mitigation and the National Cybersecurity Protection System to bring high-quality, cost-effective shared services to federal agencies.

The formal designation was obtained by CISA after completing a Marketplace Implementation Plan that included information on its proposed service offerings, acquisition strategy, governance, financial infrastructure and organization.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected