Inside Cybersecurity

December 7, 2019

Daily News

CISA issues draft operational directive requiring vulnerability disclosure policies at agencies

November 27, 2019 |
Charlie Mitchell
Bookmark and Share

The Cybersecurity and Infrastructure Security Agency has released a draft binding operational directive setting a new requirement for federal agencies to publish a vulnerability disclosure policy, while seeking public input on the plan over the next month.

“A VDP allows people who have ‘seen something’ to ‘say something’ to those who can fix it. It makes clear that an agency welcomes and authorizes good faith security research on specific, internet-accessible systems,” outgoing CISA assistant director for cyber Jeanette Manfra said...

Log in to access this content.