IT and Business Insights for SMB Solution Providers

NIST Publishes Recommendations for Federal Vulnerability Disclosure Guidelines: NIST SP 800-216 Now Available

Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, and maintaining transparency and trust with the public. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities and exposures.

NIST Special Publication (SP) 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines, describes a flexible, unified framework for establishing policies and implementing procedures for reporting, assessing, and managing vulnerability disclosures for systems within the Federal Government. Per the Internet of Things Cybersecurity Improvement Act of 2020 (Public Law 116-207) and in alignment with ISO/IEC 29147 and ISO/IEC30111, these guidelines address:

  • The establishment of a federal vulnerability disclosure framework, including the Federal Coordination Body (FCB) and Vulnerability Disclosure Program Offices (VDPOs)
  • The receipt of information about potential security vulnerabilities in information systems owned or controlled by a government agency
  • The dissemination of information about security vulnerability resolutions to government agencies and the public

NIST led this government-wide effort in coordination with other agencies, including the Office of Management and Budget (OMB), the Department of Defense (DoD), and the Department of Homeland Security (DHS). Please contact [email protected] with any questions.

Read More

About the Author

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.