CISA tapped as shared services provider for cyber

checking data (alphaspirit/  

The Office of Management and Budget formally designated the first shared services provider under its Quality Service Management Office (QSMO) program on April 27, naming the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency as the provider for cybersecurity services.

That means CISA will act as a storefront for cybersecurity shared services under the year-old policy that taps separate agencies to act as governmentwide leads in specific areas of practice.

CISA's QSMO will cover security operation center standardization, vulnerability management standardization and DNS resolution services, according to a statement from OMB.

"This is an important step in the path to modernization of the federal government," Federal CIO Suzette Kent said in a statement. "By designating CISA as QSMO for cyber services, the federal government will be able to leverage their expertise, contracts and solutions to offer a robust marketplace of cybersecurity capabilities that will benefit all agencies."

CISA's formal QSMO designation is the first under a plan unveiled last April by the Office of Management and Budget to optimize shared services across government and reduce duplicative back office functions.

The April 26, 2019, memo from acting OMB Director Russell Vought identified financial management, grants management, human resources and cybersecurity as shared services and named agencies to take the lead in each.

Treasury was named to handle financial management, Health and Human Services got grants management, the General Services Administration got human resources and cyber went to DHS.

"CISA's formal designation as the Cybersecurity Quality Service Management Office reinforces our core mission to safeguard the cybersecurity of the federal civilian enterprise," said Bryan Ware, CISA's assistant director for cybersecurity, in a statement.

CISA plans to leverage the agency's experience with programs such as Continuous Diagnostics and Mitigation and the National Cybersecurity Protection System to bring high-quality, cost-effective shared services to federal agencies.

The formal designation was obtained by CISA after completing a Marketplace Implementation Plan that included information on its proposed service offerings, acquisition strategy, governance, financial infrastructure and organization.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected