The Situational Awareness and Incident Response (SAIR) program provides federal enterprise awareness and incident response capabilities through Blanket Purchase Agreements setup and quick access to products and services that address gaps in the long-term security posture of the federal government.
SAIR tools and practices compliment existing programs by providing viable solutions that ensure consistent implementation of security standards across the government. Specifically, the SAIR program provides:
- affordable alternatives for smaller agencies to be served by a larger agency to assist with information security without the large cost to maintain the capability locally;
- a uniform service approach, as the work will be mapped to a standard method for conducting the activity--thus improving the consistency across government;
- aggregate requirements for tools and services, offering a choice of solutions to meet specific needs or proven practices; and
- shared experience among agencies, with a particular product or service prior to making purchasing decisions
SAIR Tier I
This suite of SAIR security solutions is designed to provide better cybersecurity protection to local, tribal, state, and federal governments.
These products were developed as a direct result of cross-government collaboration efforts championed by the Information Systems Security Line of Business (ISSLOB) and help identify and define requirements for baseline configuration management, network mapping/path discovery, and vulnerability management.
SAIR Tier I security solutions have been awarded under the General Services Administrations's (GSA) SmartBuy program, in collaboration with the Department of Homeland Security, and are available currently on GSA Advantage or on GSA's updated e-Buy system.
Network Mapping and Discovery Provides:
- Asset Management
- Rogue Asset Detection
- Physical Inventory Maintenance
- Software License Inventory
Vulnerability Scanning Provides:
- Software Flaw Scanning
- Patch Scanning
- Software Flaw Database
- Patch Remediation
- Patch Enforcement
Baseline Configuration Management Provides:
- Configuration Scanning
- Mis-configuration Database
- Policy Framework
- Mis-configuration Remediation
For more information, please contact: