The White House Office of Management and Budget (OMB) on Monday designated a Department of Homeland Security agency as the lead for bringing a shared cyber security services model to federal agencies.
The Cybersecurity Infrastructure and Security Agency's (CISA) Quality Service Management Office (QSMO) designation centralizes cyber security mission support functions within the agency, increasing the use of shared services across the government, reducing duplication and freeing departments and agencies to focus on their core missions.
CISA is the first QSMO designated by OMB, which in April 2019 mandated the use of centralized mission support services across the federal government as part of the President's Management Agenda for modernizing government.
The QSMO designation for CISA applies to security operation center standardization, vulnerability management standardization, and domain name system resolver service.
CISA already helps federal civilian agencies with their cyber security, providing products and services as well as sharing data about threats.
"CISA's formal designation as the Cybersecurity Quality Service Management Office reinforces our core mission to safeguard the cyber security of the federal civilian enterprise," Bryan Ware, assistant director for Cybersecurity at CISA, said in a statement. "We plan to leverage successes and lessons learned from programs like Continuous Diagnostics and Mitigation and the National Cybersecurity Protection System to deliver high-quality, cost-effective shared services to federal agencies."
OMB said that that the Cybersecurity QSMO will not take a cookie cutter approach to cyber security services across government. Instead, the new QSMO will provide options for agencies based on their maturity and readiness.
Following OMB's directive last April for centralized services, CISA Director Chris Krebs said his agency was on a path to establish a common approach for the federal civilian government through a cyber security baseline. He said then that the OMB memo directs that CISA be the Cybersecurity QSMO.