CISA tapped as shared services provider for cyber

The Office of Management and Budget formally designated the first shared services provider under its Quality Service Management Office (QSMO) program on April 27, naming the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency as the provider for cybersecurity services.

That means CISA will act as a storefront for cybersecurity shared services under the year-old policy that taps separate agencies to act as governmentwide leads in specific areas of practice.

CISA's QSMO will cover security operation center standardization, vulnerability management standardization and DNS resolution services, according to a statement from OMB.

"This is an important step in the path to modernization of the federal government," Federal CIO Suzette Kent said in a statement. "By designating CISA as QSMO for cyber services, the federal government will be able to leverage their expertise, contracts and solutions to offer a robust marketplace of cybersecurity capabilities that will benefit all agencies."

CISA's formal QSMO designation is the first under a plan unveiled last April by the Office of Management and Budget to optimize shared services across government and reduce duplicative back office functions.

The April 26, 2019, memo from acting OMB Director Russell Vought identified financial management, grants management, human resources and cybersecurity as shared services and named agencies to take the lead in each.

Treasury was named to handle financial management, Health and Human Services got grants management, the General Services Administration got human resources and cyber went to DHS.

"CISA's formal designation as the Cybersecurity Quality Service Management Office reinforces our core mission to safeguard the cybersecurity of the federal civilian enterprise," said Bryan Ware, CISA's assistant director for cybersecurity, in a statement.

CISA plans to leverage the agency's experience with programs such as Continuous Diagnostics and Mitigation and the National Cybersecurity Protection System to bring high-quality, cost-effective shared services to federal agencies.

The formal designation was obtained by CISA after completing a Marketplace Implementation Plan that included information on its proposed service offerings, acquisition strategy, governance, financial infrastructure and organization.