Cyber

CISA selects EnDyna for vulnerability disclosure platform shared service

The shared service is the first of three initial ones the agency will offer as a recently designated quality service management office.

By Dave Nyczepir

October 2, 2020

(Scoop News Group photo)

The Cybersecurity and Infrastructure Security Agency awarded EnDyna, Inc. a $13.5 million contract Friday to support its governmentwide vulnerability disclosure policy (VDP) shard service for agencies looking to work with researchers to find security flaws.

Based in McLean, Virginia, the consulting firm plans to begin providing the centrally managed system in early 2021 for processing reports from researchers as they find vulnerabilities in agencies’ externally facing IT systems.

The VDP platform is the first of three initial shared services CISA will offer agencies as an officially designated quality services management office (QSMO).

“CISA, designated by the White House as the Cybersecurity Quality Services Management Office in April, will build on its current cybersecurity offerings to provide a marketplace of services to agencies to protect and defend systems and operations and deliver cybersecurity solutions that continuously leverage industry innovation, in alignment with the National Cybersecurity Strategy,” said Bryan Ware, assistant director for cybersecurity, in the announcement Friday.

The first of the four original QSMOs made official, CISA will eventually manage a marketplace of cloud-based systems and services, offered by federal shared service providers, for agencies to choose from — rather than finding or developing their own solutions.

CISA partnered with the General Services Administration to acquire the VDP platform on Sept. 25, so both the services and the acquisition vehicle will be available to agencies through the marketplace.

The second marketplace offering is a security operations center-as-a-service (SOCaaS) the Department of Justice will provide to small agencies, though commercial providers will also be identified.

And the final marketplace offering will be a protective Domain Name Service (DNS) for blocking access to malicious websites when translating their people-friendly domain names into the numerical Internet Protocol addresses computers use. That award is expected to go to a commercial vendor next fiscal year.

CISA selects EnDyna for vulnerability disclosure platform shared service

More Like This

Salesforce launches ‘Einstein 1’ generative AI tool for government

Congress presses VA on modernization overhaul, supply chain system upgrade

Login.gov pilot to include option for biometric verification

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

ICE pursuing privacy approvals related to controversial phone location data

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

More Scoops

CISA still working with some agencies to fully follow federal vulnerability disclosure policy rules

Debt ceiling agreement seeks to claw back IT funds from GSA, CISA

Biden 2024 budget calls for IT spending boosts at VA, Social Security, GSA and CISA

OPM was quietly redesignated the point office for HR shared services

CISA interested in protective email service for .gov domain

CISA launches platform to allow hackers to report flaws in federal tech

MetTel becomes latest EIS vendor to receive managed security services authorization

Latest Podcasts

CISA selects EnDyna for vulnerability disclosure platform shared service

Google’s Chris Hein on how AI is changing how citizens relate to government

OPM’s tech-friendly director steps down

World Bank’s Partha Perumbali and Aretec’s Waqas Haq on AI-powered search

Tech

Defense

Cyber

Acquisition