NIST Publishes Policymaking Framework for Software Vulnerability Reporting

The National Institute of Standards and Technology has released Special Publication 800-216, a framework for setting policies relating to system vulnerability disclosure, assessment and management. Titled “Recommendations for Federal Vulnerability Disclosure Guidelines,” the document is also meant to address how information about security weaknesses in government information systems is received and disseminated to other agencies and the public.

NIST said in a press release that controlling risk, strengthening cybersecurity and maintaining public trust hinge on federal organizations’ internal and external reporting of vulnerabilities. According to the document’s abstract, such reporting is “one of the best ways” to inform developers and services of issues.

SP 800-216 was created in partnership with the Office of Management and Budget and the departments of Defense and Homeland Security. Its publication was directed by the Internet of Things Cybersecurity Improvement Act of 2020 and is meant to adhere to International Organization for Standardization requirements on vulnerability disclosure and handling, NIST said Wednesday.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now