US Federal Systems Must be Covered by Vulnerability-Disclosure Policies by March 2021
upstart writes in with an IRC submission:
US Federal systems must be covered by vulnerability-disclosure policies by March 2021:
A new Cybersecurity and Infrastructure Security Agency (CISA) mandate requires U.S. agencies to implement vulnerability-disclosure policies by March 2021.
The U.S. government's cybersecurity agency CISA has issued a mandate that requires federal agencies to implement vulnerability-disclosure policies (VDPs) by March 2021.
The main purpose of vulnerability-disclosure policies is to ensure that required information, other than confidential business information, is disclosed to the public and shared with relevant parties in a timely, accurate, complete, understandable, convenient and affordable manner.
The move aims to provide government agencies with a formal mechanism to receive reports of vulnerabilities in their infrastructure from security researchers and white-hat hackers.
Vulnerability-disclosure policies make it possible to enhance the resiliency of the government's infrastructure by encouraging meaningful collaboration between federal agencies and the public.
Link to the Binding Operational Directive 20-01.