Service Description
Identify, assess and prioritize system attributes, software design, and configuration vulnerabilities and flaws. Identify, prioritize and remediate security vulnerabilities and threats by criticality. Provide actionable operating system, application, policy and security configuration vulnerability reporting. Train users on vulnerability remediation.
What's Included
Functions of this security service include
- Group and Prioritize Information Technology Resources
- Monitor for Vulnerabilities, Remediations and Threats
- Prioritize Vulnerability Remediation
- Manage Remediation Data
- Conduct Testing of System Remediations
- Deploy Vulnerability Remediations
- Distribute Vulnerability and Remediation Information
- Verify Vulnerability Remediation Through Network and Host Vulnerability Scanning
- Vulnerability Remediation Training
How We Charge
The cost of this service is recovered by the number of full time employees (FTE) supported in your agency as a percentage of total departmental FTEs supported.
Service Level Metrics
| Measure | Target SLA |
|---|---|
| System Monitoring | 24 x 7 |
| Incident Response | 24 x 7 |
| System Availability | 99.99% excluding planned downtime* |
Cost Saving Tips
- Provide lower total cost of information security ownership.
- Allow agencies focus resources on mission critical business objectives.
- Compliance with government regulations is provided through ongoing security monitoring.
- A vendor neutral approach supports the appropriate composition of security services by deploying market-based solutions from a wide variety of industry sources.
Additional Information
Services are in compliance with applicable standards from NIST (including SP 800-40), OMB, FIPS and GAO.