Reminder: The method for ordering VITA services has changed. Please follow the revised instructions in the "How to Order" section, below.

Security Threat and Vulnerability Assessment Service

generic network product image

Price: No Cost

Unit of Measure: Usage Based

Pricing Type: No Charge

Billing Cycle: N/A

Service Lead: Bob Baskette


This service provides customers with information on the security threats and vulnerabilities that may exist in their environments. These services include basic advice/guidance. This level of service does not include on-site support to remediate vulnerabilities in the customer's environment.

Security Threat and Vulnerability Assessment Service includes the following options:

  • Cyber Intelligence Gathering - Commonwealth Security and Risk Management (CSRM) works with the FBI, law enforcement and third parties to gather cyber intelligence.  CSRM functions as a liaison between these entities and Commonwealth of Virginia (COV) agencies, localities and high education to disseminate this information to the appropriate parties.  This intelligence includes reports of web site defacements, keylogger infections, compromised accounts and known threats that may affect these entities.
  • Commonwealth Security Advisory - CSRM monitors the internet for new vulnerabilities that are discovered that affect products being utilized on COV systems.  Once patches for these vulnerabilities have been released, they are included in the weekly advisory.

  • Monthly vulnerability scan - CSRM performs monthly vulnerability scans of externally facing COV systems to determine vulnerabilities that need to be addressed with Commonwealth systems.  These scans provide information on missing patches and configuration issues.  The vulnerabilities that are identified are reported to the customer for remediation.

  • Monthly ISOAG meetings - CSRM holds monthly meetings for the Information Security community.  At these meetings, CSRM provides information on the most recent threat trends

These services are provided to all customers without a charge.

Customer obligations

To sign up for the Threat and Vulnerability Assessment services, the customer is required to provide  contact information for the person that is to be added to the ISOAG mailing list.  Contact information can be sent via email to

How to Order

Effective 12/15/18, this service can be ordered from the VITA Service Catalog in the new VITA Service Portal. To submit your request:

  • Customers who have Commonwealth of Virginia (COV) accounts (including executive branch agencies) should access the VITA Service Catalog via the VITA Service Portal to place service requests using the automated form provided in the catalog.
  • Customers who do not have COV accounts (including some local government customers) or customers who are unable to gain access to the portal may order the service by sending an e-mail to the VITA Customer Care Center (VCCC) services desk at Please include the following information:
    • The words "Service request" in the "Subject" line
    • The name of the service being ordered
    • The quantity desired (if applicable)
    • Any other information you deem relevant

If you are uncertain as to whether you have a COV account, start by trying to access the VITA Service Portal. If you are unable to do so, then use the email-to-the-VCCC method.

If you need additional assistance, you may check with your agency information technology resource (AITR) or call the VCCC at 866-637-8482.

You will be contacted to confirm that your request has been received and to obtain any additional required information.