Tools
If you would like to submit a relevant resource for the cloud community, please click here.
Defense Acquisition University (DAU) Contracting Cone
- Authorship: Department of Defense (DoD), Defense Acquisition University (DAU)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Acquisitions
- Sub-Information: Acquisition Planning, Commercial Solutions Opening (CSO), FAR Based Acquisitions, Non-FAR Based Acquisitions, Other Transaction Authority (OTA)
The Department of Defense (DoD), Defense Acquisition University (DAU), Contracting Cone outlines the full spectrum of available Federal Acquisition Regulations (FAR) and Non-FAR contract strategies. The Contracting Cone provides details about each contracting strategy, to enable collaborative discussions to select the right strategy based on environment, constraints, and desired outcomes. The goal of the Contacting Cones is to provide visibility into new or lesser known strategies and ensure the full range of contract strategies are considered.
Department of Defense (DoD) Cyber Workforce Framework (DCWF)
- Authorship: Department of Defense (DoD), Chief Information Officer (CIO)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Workforce
- Sub-Information: Development, Identification, Knowledge Skills and Abilities (KSAs), Management, Qualifications, Recruitment, Training
The Department of Defense (DoD), Cyber Workforce Framework (DCWF) describes the work performed by the full spectrum of the cyber workforce as defined in "DoD Directive (DoDD) 8140.01 Cyberspace Workforce Management". The DCWF leverages the original National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) and the DoD Joint Cyberspace Training and Certification Standards (JCT&CS). The DCWF has a hierarchical structure with seven broad categories, 33 specialty areas, and 54 work roles. Each work role contains a definition, as well as a representative list of tasks and knowledge, skills and abilities (KSAs) describing what is needed to execute key functions. Work roles vary in terms of breadth (requirements spanning multiple sets of functions) and depth (requirements focused on a related set of functions).
Federal Risk and Authorization Management Program (FedRAMP) Marketplace
- Authorship: General Services Administration (GSA), Federal Risk and Authorization Management Program (FedRAMP)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Acquisitions, Security
- Sub-Information: Market Research, Assessment & Analysis (A&A), Risk Management
The General Services Administration (GSA), Federal Risk and Authorization Management Program (FedRAMP) Marketplace provides a searchable, sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation (i.e., authorization). Third Party Assessment Organizations (3PAOs) are also searchable within the Marketplace.
The government and Cloud Service Providers (CSPs) are encouraged to use the FedRAMP Marketplace as a resource to: research cloud services (i.e., CSOs) that are pursuing or currently authorized with FedRAMP, research government agencies partnering with CSPs for a FedRAMP authorization or using authorized cloud services (i.e., CSOs), and review FedRAMP’s community of accredited 3PAOs.
General Services Administration (GSA) Market Research as a Service (MRAS)
- Authorship: General Services Administration (GSA), Office of Customer and Stakeholder Engagement (CASE)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Acquisitions
- Sub-Information: Market Research
The General Services Administration (GSA), Market Research as a Service (MRAS) is a value added service / no cost online survey capability, that facilitates the government's engagement with GSA contract holders, through the development, issuance, and results reporting of a Request For Information (RFI).
A MRAS allows the government to survey and request comments, information, and recommendations from GSA vendors about available commercial and non-commercial solutions; the government's proposed business, functional, operational, technical, and security (e.g., cybersecurity) requirements; and proposed acquisition strategies.
National Initiative for Cybersecurity Education (NICE) Framework Mapping Tool
- Authorship: Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Nation Initiative for Cybersecurity Career and Studies (NICCS)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Workforce
- Sub-Information: Identification, Knowledge Skills and Abilities (KSAs), Management, Qualifications
The National Initiative for Cybersecurity Education (NICE) Framework Mapping Tool allows Human Resource (HR) offices and managers to input positions required Knowledge, Skills, and Abilities (KSAs) to build cybersecurity profiles that are mapped to the NICE Framework. The NICE Framework Mapping Tool supports the standardization of cybersecurity work and position descriptions between organization.
National Initiative for Cybersecurity Education (NICE) Reference Spreadsheet
- Authorship: National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Workforce
- Sub-Information: Identification, Knowledge Skills and Abilities (KSAs), Qualifications
The National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE) Reference Spreadsheet for the NICE Framework is supporting documentation that includes a database of the NICE Framework and a mapping to Office of Personnel Management (OPM) codes. The Reference Spreadsheet includes a list of Work Roles, Task, and Knowledge, Skills, and Abilities (KSAs) statements.
National Vulnerability Database (NVD)
- Authorship: National Institute of Standards and Technology (NIST)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Security
- Sub-Information: Cybersecurity Monitoring
The National Institute of Standards and Technology (NIST), National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Open Security Controls Assessment Language (OSCAL)
- Authorship: National Institute of Standards and Technology (NIST)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Security
- Sub-Information: Assessment & Analysis (A&A), Risk Management
The Open Security Controls Assessment Language (OSCAL) as a standardized, data-centric framework (i.e., control definition, implementation, assessment) that can be applied to an Information System (IS) for documenting and assessing its security controls. With security information represented in OSCAL, security professionals are able to automate security assessment, auditing, and continuous monitoring processes.
Periodic Table of Acquisition Innovations (PTAI)
- Authorship: Federal Acquisition Institute (FAI)
- Publication Date:
- Status: Active
- Resource Type: Tools
- Information: Acquisitions
- Sub-Information: Acquisition Planning, Award, FAR Based Acquisitions, Non-FAR Based Acquisitions, Post Award, Solicitation
The Federal Acquisition Institute (FAI), Periodic Table of Acquisition Innovations (PTAI) is a collaborative government-industry initiative developed under the ACT-IAC Institute for Innovation to collect and share innovative practices used by government acquisition professionals to facilitate frictionless acquisition. Showcased practices have demonstrated at least 1 of the following results: accelerated time to award, reduced delivery time, improved customer satisfaction, cost savings and/or reduced barriers to entry. Each practice on the PTAI includes a description, benefits of use, and how-to's. Unless otherwise stated, each technique may be used with the FAR.