Security Description & Product List

Please read the General Information page for answers to frequently asked questions for this service. 

Centralized Information Security Officer (ISO) Service (Service Lead: Ed Miller)

  • Description: The Centralized Information Security Officer (ISO) service will assist agencies in performing and documenting Business Impact Analysis and IT System Security Plans (consisting of IT Security Risk Assessment and Risk Treatment Plans), including required annual updates. ISO Service analysts will also be able to provide consulting and other ISO services.

Centralized IT Security Audit Service (Service Lead: Ed Miller)

  • Description: Agencies may contract for IT security audits to be conducted through this service. The audits will be performed in accordance with commonwealth IT auditing standards and will be compliant with the requirement to have a sensitive IT system audited (at least once every 3 years).

COV Security Outreach & Information Sharing Service (Service Lead: Ed Miller)

  • Description: The Commonwealth Security and Risk Management (CSRM) COV Security Outreach & Information Sharing Team actively participates in the Multi-State Information Sharing Group, Local, State (VA Fusion Center and Commonwealth Preparedness Working Group), and Federal Law Enforcement (FBI), and multiple COV Information/Infrastructure Security groups.

Partnership Security Program Support (Service Lead: Jason Howze)

  • Description: This VITA service arbitrates security determinations made by the IT Partnership when customers request escalation. This role researches decisions and historical information, customer information, and the ITP Procedures Manual.

Security Incident Management (Service Lead: Bob Baskette)

  • Full Service Description: The Full Service Offering is available to executive branch agencies. The CSRM Incident Management team dispatches the Commonwealth Security Incident Response Team (CSIRT) as the first responders.

  • Limited Service Description: A Limited Service Offering is available to non-executive branch agencies, local governments and higher education.

Security Threat and Vulnerability Assessment Service (Service Lead: Bob Baskette)

  • Description: Commonwealth Security and Risk Management (CSRM) works with the FBI, law enforcement and third parties to gather cyber intelligence.

Web Application Vulnerability Scanning Services (Service Lead: Bill Freda)

  • Description: Multiple levels of service are available. Please review the service description page for details.