The Department of Justice (DOJ) Justice Security Operations Center (JSOC) recently passed its cybersecurity assessment provided by the Department of Homeland Security (DHS) Cybersecurity Service Provider (CSP) program, and through that process has become a certified CSP Center of Excellence.
JSOC passed the assessment “with flying colors,” DHS said, including meeting all the required standards, and exceeding those standards in 35 of 40 cybersecurity evaluation areas. Those areas include: vulnerability management, malware protection, continuous monitoring, threat intelligence analytics, detection, and response to threats.
DHS CISO Kenneth Bible said in a press release that “the success of the DHS CSP program, and the partnership between DHS and DOJ, has shown that despite very different missions and compositions, DHS and other federal agencies can collaborate from a mature and common framework to effectively enhance our national cybersecurity posture.” This DOJ SOC assessment was the first assessment for the department performed for a non-DHS agency.
“This successful assessment is a major milestone in the maturation of the DHS CSP program, from its incubation at Immigration & Customs Enforcement to assessing all DHS SOCs – to now a step closer to becoming a Federal-wide program,” DHS Deputy CIO Beth Cappello said. “In the future, the CSP program hopes to provide assessments for other Federal agencies.”
Established in response to Executive Order 13800, the DHS CSP program ensures that all DHS SOCs pass a formal assessment for certification or use the services of a certified provider.
“The DHS CSP program has been a resounding success as the DHS component SOCs assessments were completed, resulting in a subscriber provider model that ensures all DHS endpoints get efficient, and more importantly, uniform protections against cyber adversaries,” DHS said.
DHS also mentioned that it’s Cybersecurity and Infrastructure Security Agency has added DOJ’s JSOC to the Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace. A Marketplace – that serves as an online platform for acquiring high-quality, cost-efficient cybersecurity services – centralizes, standardizes, and markets cybersecurity services on its platform which “helps reduce the time and cost involved in sourcing and maintaining cybersecurity solutions across the Federal civilian enterprise.”