1、CRS INSIGHT Prepared for Members and Committees of Congress INSIGHTINSIGHTi i Cybersecurity: Recent Policy and Guidance on Federal Vulnerability Disclosure Programs September 8, 2020 The Trump Administration has released policy and guidance on vulnerability disclosure programs (VDP) for federal agen
2、cies. VDPs help organizations secure their information technology (IT) by allowing the public to discover and report weaknesses in systems in the hope that the organization will mitigate the vulnerabilities. Vulnerabilities can be exploited by malicious actors to compromise systems, which may lead t
3、o data breaches. On September 2, 2020, the Office of Management and Budget (OMB) released Memorandum M-20-32 on Improving Vulnerability Identification, Management, and Remediation and the Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 20-01 (BOD) to De
4、velop and Publish a Vulnerability Disclosure Policy. Policies Memorandum M-20-32 establishes the policy of a federal VDP and agency responsibilities. The memorandum states that a VDP includes traditional vulnerability disclosure policies (i.e., an open program where the public can find vulnerabiliti
升级VIP 