CSD VM Blue Teaming Industry Day July 20 2021.pdf

CISA Cybersecurity Division (CSD) Vulnerability Management (VM) Blue Teaming Industry Day Event (None)

Cybersecurity and Infrastructure Security Agency

industry day presentation by the Cybersecurity and Infrastructure Security Agency (CISA) regarding the Vulnerability Management (VM) or Blue Team contract. The event took place on July 23, 2021, and included various sessions such as welcome/opening remarks, program overview, procurement information, question and answer period, and ground rules. The purpose of the industry day was to foster understanding and dialogue between CISA and industry stakeholders. It was emphasized that all materials presented were in draft form and subject to change before the issuance of a Request for Proposal (RFP). The document also outlined key information about the assessment process for High Value Assets (HVA), including team composition, assessment length, subject areas, and interview domains.

The presentation provided insights into CISA's mission to enhance situational awareness and reduce risk through cybersecurity assessments for federal departments, state/local entities, and private sector partners. It highlighted the importance of operational resilience in providing cybersecurity assessment services across critical infrastructure sectors. The process for conducting HVA assessments was detailed, including planning, execution, post-execution phases, key interview areas, roles and responsibilities of team members, and the timeline for assessments. Additionally, it emphasized that information presented was CISA's current intent for the Blue Team contract and subject to change based on market research feedback.