NIST issues guidelines for creating federal vulnerability disclosure program required by law

The National Institute of Standards and Technology has finalized guidance to help agencies develop a federal vulnerability disclosure program and parameters for a coordinating body that will work with agencies on identifying vulnerable systems and information sharing.

“NIST Special Publication (SP) 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines, describes a flexible, unified framework for establishing policies and implementing procedures for reporting, assessing, and managing vulnerability disclosures for systems within the Federal Government,” NIST said in a Wednesday announcement.

The...