NIST draft addresses guidelines for handling disclosure of vulnerabilities on federal systems

The National Institute of Standards and Technology is seeking comment on draft recommendations for guidelines on how agencies report and manage disclosure of vulnerabilities found in software and other systems operated by the federal government, under a requirement in the 2020 Internet of Things Cybersecurity Improvement Act.

The draft SP 800-216 “Recommendations for Federal Vulnerability Disclosure Guidelines” was released Monday and is open for comment through Aug. 9. NIST noted it is “leading this government-wide effort in coordination with...