Cybersecurity framework

Supporting your agency’s CSF

Your agency can leverage our GSA contract vehicles to implement your approach to the National Institute of Standards and Technology Cybersecurity Framework. Use the framework to:

The CSF organizes practices into five concurrent and continuous functions, which provide a high-level strategic view of an organization’s management of cybersecurity risk. The functions include individual categories and subcategories, which are discrete business outcomes an organization can achieve.

CSF product and service providers

Multiple Award Schedule

You can use our MAS Special Item Numbers to find specialized commercial products, services, and solutions.

• Our Highly Adaptive Cybersecurity Services and IT Professional Services SINs offer a range of services covering the cybersecurity lifecycle, from proactively assessing an information system’s risks and vulnerabilities to carrying out security monitoring, response, and recovery activities in a security operations center.
• Agencies can also use the Risk Assessment and Mitigation Services SIN to procure risk assessment and breach mitigation and forensic services. This SIN can also be used to implement measures to protect sensitive data, including Personally Identifiable Information and Protected Health Information. It can also be used to procure compliance and governance support, including data breach prevention training.
• Through the Identity, Credential, and Access Management SIN, agencies can purchase products and services to manage and authenticate user identities when accessing applications and information systems on your networks.
• GSA’s Best-in-Class IT Hardware and Software SINs allow agencies to purchase necessary cybersecurity products to improve your security posture and practices. These SINs also offer access to products listed on the Continuous Diagnostics and Mitigation Approved Product List. Products on the CDM APL are reviewed and approved by CISA to support the objectives of the CDM program.
• The BIC Wireless Mobility Solutions SIN provides a range of services to secure mobile devices, mobile applications, Internet of Things, and other mobile services deployed by agencies.

Governmentwide Acquisition Contracts

You can use GWACs to buy total IT solutions more efficiently and economically. We offer multiple GWACs that offer access to pools of vendors:

• Alliant 2 for access to vendors other than small businesses.
• 8(a) STARS III for access to 8(a) certified vendors.
• VETS 2 for access to Service-Disabled Veteran Owned Small Businesses.

Enterprise Infrastructure Solutions

You can use EIS for comprehensive IT, telecommunications, and infrastructure solutions. Through EIS’s Managed Security Service, agencies can access network monitoring, vulnerability scanning, and incident response capabilities. EIS also supports Trusted Internet Connections and Managed Trusted Internet Protocol Services.

Resources

• The NIST Framework for Improving Critical Infrastructure Cybersecurity organizes cybersecurity activities and practices into a common taxonomy.
• Zero Trust Architecture [PDF], Department of Defense Zero Trust Architecture [PDF], Application Security Testing [PDF], and Advanced Persistent Threat [PDF] Buyer’s Guides identify key principles to consider when implementing cybersecurity programs and procuring relevant GSA solutions.
• GSA’s Cybersecurity Supply Chain Risk Management Guide  [PDF]offers considerations and resources for acquiring products and services to establish a C-SCRM program that identifies cyber risks within IT supply chains.
• GSA’s Market Research As a Service tool can be used to find contract vehicles that align best with agencies’ needs and capable vendor pools to meet their requirements.

Contact us