
CISA Finalized Directive on Vulnerability Disclosure Policies, Congressman Says


The Cybersecurity and Infrastructure Security Agency issued a draft directive in November to require civilian agencies to work with security researchers to find vulnerabilities on their websites. Representative Jim Langevin (D-RI) says that directive is now final and being coordinated with OMB, which will release its policy first.

OMB’s draft policy requires agencies to establish vulnerability disclosure policies within 180 days of a final memo being issued. CIOs will be held responsible and should coordinate with CISA in maturing agency policies. CISA’s directive includes suggested legal language and timelines for responding to security researchers’ reports and resolving them.

More at NextGov
