Inside Cybersecurity

March 28, 2024

Daily News

CISA issues draft operational directive requiring vulnerability disclosure policies at agencies

By Charlie Mitchell / November 27, 2019

The Cybersecurity and Infrastructure Security Agency has released a draft binding operational directive setting a new requirement for federal agencies to publish a vulnerability disclosure policy, while seeking public input on the plan over the next month.

“A VDP allows people who have ‘seen something’ to ‘say something’ to those who can fix it. It makes clear that an agency welcomes and authorizes good faith security research on specific, internet-accessible systems,” outgoing CISA assistant director for cyber Jeanette Manfra said...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.