Cybersecurity: Recent Policy and Guidance on Federal Vulnerability Disclosure Programs

Cybersecurity: Recent Policy and Guidance on Federal Vulnerability Disclosure Programs

Active / Technical Report | Accesssion Number: AD1131715 |

Abstract:

The Trump Administration has released policy and guidance on vulnerability disclosure programs(VDP) for federal agencies. VDPs help organizations secure their information technology (IT) by allowing the public to discover and report weaknesses in systems in the hope that the organization will mitigate the vulnerabilities. Vulnerabilities can be exploited by malicious actors to compromise systems, which may lead to data breaches. On September 2, 2020, the Office of Management and Budget (OMB) released Memorandum M-20-32on Improving Vulnerability Identification, Management, and Remediation and the Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 20-01 (BOD) to Develop and Publish a Vulnerability Disclosure Policy.

Author(s):

No Author(s) Identified

Author Organization(s):

LIBRARY OF CONGRESS WASHINGTON DC

Funding Organization(s):

LIBRARY OF CONGRESS WASHINGTON DC, WASHINGTON DC , DC

Document Type:

Technical Report/Congressional Report

Publication Date:

2020 Sep 08

Pagination:

4

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

congress, united states government, cybersecurity, governments, security, data leakages, homeland security, law, national governments, national security, debugging, department of defense, department of homeland security, guidance, information security, information systems, public administration

Keyword(s):

vdp(vulnerability disclosure program)

Subject Categories:

Behavioral and Social Sciences

Creation Date:

2021 May 10

Update Date:

2021 Jul 06