Office of the Chief Information Officer

United States Department of Agriculture

Incident Handling

Service Description

Address IT system intrusions, cyber-theft, denial-of-service, malicious code, inappropriate usage and other security-related events. Detect, analyze, contain, eradicate, and recover from security incidents. Successfully restore IT system security to production performance levels.

What's Included

Functions of a managed security service include:

  • Analyze, identify, research and gather evidence needed to investigate whether an incident has occurred.
  • Categorize and analyze the source of all incidents. Utilize US-CERT SP 800-61 incident categories, if applicable.
  • Identify the current and potential technical and business impact of an incident.
  • Document the incident handling detection and analysis checklist.
  • Contain, eradicate and recover from all incidents. Preserve and secure incident evidence.
  • Provide appropriate follow-up reporting and lessons learned.

How We Charge

The cost of this service is recovered based on the number of full-time employees (FTE) supported in your agency as a percentage of total departmental FTEs supported.

Service Level Metrics

Measure               Target SLA
System Monitoring     24 x 7
Incident Response     24 x 7
System Availability   99.99% excluding planned downtime*

Cost Saving Tips

  • Provide lower total cost of information security ownership.
  • Allow agencies to focus resources on mission-critical business objectives.
  • Compliance with government regulations is provided through ongoing security monitoring.
  • A vendor-neutral approach supports the appropriate composition of security services by deploying market-based solutions from a wide variety of industry sources.

Additional Information

Services are in compliance with applicable standards from NIST (including SP 800-61), OMB, FIPS and GAO.