Request for Comments on Improving Vulnerability Identification, Management, and Remediation

Citation84 FR 65424
Record Number2019-25715
Published date27 November 2019
SectionNotices
CourtManagement And Budget Office
Federal Register, Volume 84 Issue 229 (Wednesday, November 27, 2019)
[Federal Register Volume 84, Number 229 (Wednesday, November 27, 2019)]
                [Notices]
                [Page 65424]
                From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
                [FR Doc No: 2019-25715]
                =======================================================================
                -----------------------------------------------------------------------
                OFFICE OF MANAGEMENT AND BUDGET
                Request for Comments on Improving Vulnerability Identification,
                Management, and Remediation
                AGENCY: Office of Management and Budget.
                ACTION: Notice of public comment period.
                -----------------------------------------------------------------------
                SUMMARY: The Office of Management and Budget (OMB) is seeking public
                comment on a draft memorandum titled, ``Improving Vulnerability
                Identification, Management, and Remediation.''
                DATES: The 30-day public comment period on the draft memorandum begins
                on the day it is published in the Federal Register and ends 30 days
                after date of publication in the Federal Register.
                ADDRESSES: Interested parties should provide comments via electronic
                mail to [email protected]. The Office of Management and Budget is
                located at 725 17th Street NW, Washington, DC 20503. No physical copies
                will be accepted.
                FOR FURTHER INFORMATION CONTACT: Matthew T. Cornelius, OMB, at
                202.881.7386 or [email protected].
                SUPPLEMENTARY INFORMATION: The Office of Management and Budget (OMB) is
                proposing guidance to Federal agencies on the publication and
                implementation of Vulnerability Disclosure Policies (VDPs). VDPs, which
                are processes for the intake and addressing of security vulnerabilities
                uncovered by security researchers and the public, are among the most
                effective methods for obtaining new insights regarding security
                vulnerability information. They also provide protection for those who
                uncover these vulnerabilities by differentiating between acceptable and
                unacceptable means of gathering security information (also known as
                ``authorizing good faith security research''). VDPs make it easier for
                the security research community to report vulnerabilities to
                appropriate agency contacts, who can then use the reports to address
                vulnerabilities of which they may not have been aware.
                 Authority for this notice is granted under the Federal Information
                Security Modernization Act of 2014 (44 U.S.C. 3553-3554).
                Suzette Kent,
                Federal Chief Information Officer, Office of the Federal Chief
                Information Officer.
                [FR Doc. 2019-25715 Filed 11-26-19; 8:45 am]
                BILLING CODE 3110-05-P
                

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT