Future Trends

EnDyna to Deliver Vulnerability Disclosure Platform Shared Service for Public Sector

CISA

EnDyna to Deliver Vulnerability Disclosure Platform Shared Service for Public Sector

Consulting firm EnDyna has secured a $13.5M contract from the Cybersecurity and Infrastructure Security Agency to provide vulnerability disclosure policy shared services that government agencies can use to allow researchers to identify security weaknesses.

Formally designated as a quality service management office, the VDP system is the first of the three initial services CISA will offer to the public sector, Fedscoop said Friday. 

The Virginia-based company is set to deploy the centrally managed network within the first six months of 2021 for processing reports from researchers to detect flaws in the IT systems of government organizations.  

Bryan Ware, CISA assistant director for cybersecurity, said the White House named the organization as the Cybersecurity Quality Services Management Office in April. 

He added that the agency will build on its existing cybersecurity offerings to provide a marketplace of services to government units to safeguard systems and operations. CISA will also “deliver cybersecurity solutions that continuously leverage industry innovation, in alignment with the National Cybersecurity Strategy,” he said. 

CISA, the first of the four original QSMOs made official, will in due course oversee a marketplace of cloud-based infrastructure provided by shared service companies. The setup will allow agencies to choose from the cloud-driven products and services instead of researching or designing their own solutions. 

The security agency collaborated with the General Services Administration to obtain the VDP platform on Sept. 25. The agencies will have access to the services and the acquisition vehicle via the marketplace. 

The second marketplace offering is a centralized cybersecurity function known as security operations center-as-a-service. The Department of Justice will provide the service to small agencies.

The third offering will be a protective domain name service that prevents hostile websites from accessing networks during the process of converting the hostnames into numerical internet protocol addresses that computers use. The contract awarding will be announced next fiscal year.

Category: Future Trends

Tags: Bryan Ware CISA cloud-based system cybersecurity Cybersecurity and Infrastructure Security Agency EnDyna FedScoop Future Trends protective Domain Name Service quality services management office security operations center-as-a-service VDP vulnerability disclosure policy