Vulnerability Management Service

The Vulnerability Management Service (VMS) is a DISA-hosted and cloud extended collection of security tools for application and endpoint security management. VMS offers support for systems across a wide array of hosted environments, ranging from traditional hosted datacenters, hybrid cloud environments such as Stratus, and to customers residing within AWS and Azure commercial cloud.

Why VMS?

VMS is a cost-effective way to meet security requirements within DISA’s Cloud Computing Security Requirements Guide (CC SRG), USCYBERCOM Operational Orders (OPORDs) for scanning and endpoint security, applicable DOD Security Technical Implementation Guides (STIGs), and Risk Management Framework (RMF) controls. VMS provides simplified access to tools such as Trellix’s Endpoint Security Solution (ESS) and Tenable’s Assured Compliance Assessment Solution (ACAS).


  • OPORD 16-0080 ESS and 14-037 ACAS compliance.
  • STIG and Common Vulnerabilities and Exposures (CVE) endpoint scanning.
  • Customizable security through endpoint firewall and anti-virus configurations.
  • Continuous Monitoring and Risk Scoring (CMRS) integration for cyber scorecard awareness.

Getting started.

Customers can order VMS now. If you are interested in learning more about VMS, use the  'contact us' form to connect with our team.

 Download the Slick Sheet