March 28, 2024
Daily News
CISA issues binding operational directive mandating agencies develop vulnerability disclosure policies
CISA is mandating that agencies across the federal government develop their own vulnerability disclosure policies for the “internet accessible systems and services” they use, through a binding operational directive released today.
The directive is intended to support a memorandum from the Office of Management and Budget that establishes parameters for agencies to identify, manage and remediate vulnerability issues.
“A vulnerability disclosure policy (VDP) is an essential element of an effective enterprise vulnerability management program and critical to the security...