Inside Cybersecurity

March 28, 2024

Daily News

CISA issues binding operational directive mandating agencies develop vulnerability disclosure policies

By Sara Friedman / September 2, 2020

CISA is mandating that agencies across the federal government develop their own vulnerability disclosure policies for the “internet accessible systems and services” they use, through a binding operational directive released today.

The directive is intended to support a memorandum from the Office of Management and Budget that establishes parameters for agencies to identify, manage and remediate vulnerability issues.

“A vulnerability disclosure policy (VDP) is an essential element of an effective enterprise vulnerability management program and critical to the security...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.