CISA Seeks Private Sector Support for Cybersecurity Risk Management

The Cybersecurity and Infrastructure Security Agency is looking for sources that can provide cybersecurity risk management services to support the agency’s Cybersecurity Division, Vulnerability Management Insights Branch, according to a request for information issued Friday. 

As stated in the RFI, within the Cybersecurity Division, the Vulnerability Management subdivision is supposed to “reduce risk to the Nation by enabling stakeholders to understand and manage vulnerabilities.” Moreover, VM’s Insights Branch is aimed at lessening “vulnerability risk and attack surface exposure through continuous data analysis to enable crucial infrastructure resiliency and stakeholder visibility into cyber threats.” It provides technical cyber risk reduction and it develops and disseminates analytic content to stakeholders to support data-driven decisions and influence operational behaviors. 

The Insights Branch is looking to “achieve optimal performance through innovation and transformative approaches to advance the performance and capabilities of the branch,” the RFI stated.

Accordingly, the agency is examining the potential for a contractor to provide cybersecurity risk management services to improve Insight’s capabilities and utilize private sector best practices, knowledge and innovation to fulfill the Insight Branch’s mission. 

As a result, the agency is asking for a contractor with the technical knowledge and experience to provide actionable, timely, relevant and accurate risk and mitigation advice backed by data. 

For example, such work would include program and product management, data integration and management, risk insight, vulnerability mitigation planning and performance insight. CISA is also asking contractors to assist with methodology for planning, execution, and quality and insights surge support.

Responses are due via email to the contracting officers by 12pm EST on March 15.