Hours for live chat and calls:
Sun 8 p.m. - Fri 8:30 p.m. CST
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Your agency can leverage our GSA contract vehicles to implement your approach to the National Institute of Standards and Technology Cybersecurity Framework. Use the framework to:
The CSF organizes practices into five concurrent and continuous functions, which provide a high-level strategic view of an organization’s management of cybersecurity risk. The functions include individual categories and subcategories, which are discrete business outcomes an organization can achieve.
|Identify||Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.||Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management|
|Protect||Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.||Identity Management, Authentication and Access Control, Awareness & Training, Data Security, Info Protection and Procedures, Maintenance, Protective Technology|
|Detect||Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.||Anomalies and Events, Security Continuous Monitoring, Detection Process|
|Respond||Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.||Response Planning, Communications, Analysis, Mitigation, Improvements|
|Recover||Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.||Recovery Planning, Improvements, Communications|
You can use our MAS Special Item Numbers to find specialized commercial products, services, and solutions.
You can use GWACs to buy total IT solutions more efficiently and economically. We offer multiple GWACs that offer access to pools of vendors:
You can use EIS for comprehensive IT, telecommunications, and infrastructure solutions. Through EIS’s Managed Security Service, agencies can access network monitoring, vulnerability scanning, and incident response capabilities. EIS also supports Trusted Internet Connections and Managed Trusted Internet Protocol Services.
For individualized support, find your agency's point of contact.