Request for Comments on Improving Vulnerability Identification, Management, and Remediation
Citation | 84 FR 65424 |
Record Number | 2019-25715 |
Published date | 27 November 2019 |
Section | Notices |
Court | Management And Budget Office |
Federal Register, Volume 84 Issue 229 (Wednesday, November 27, 2019)
[Federal Register Volume 84, Number 229 (Wednesday, November 27, 2019)] [Notices] [Page 65424] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2019-25715] ======================================================================= ----------------------------------------------------------------------- OFFICE OF MANAGEMENT AND BUDGET Request for Comments on Improving Vulnerability Identification, Management, and Remediation AGENCY: Office of Management and Budget. ACTION: Notice of public comment period. ----------------------------------------------------------------------- SUMMARY: The Office of Management and Budget (OMB) is seeking public comment on a draft memorandum titled, ``Improving Vulnerability Identification, Management, and Remediation.'' DATES: The 30-day public comment period on the draft memorandum begins on the day it is published in the Federal Register and ends 30 days after date of publication in the Federal Register. ADDRESSES: Interested parties should provide comments via electronic mail to [email protected]. The Office of Management and Budget is located at 725 17th Street NW, Washington, DC 20503. No physical copies will be accepted. FOR FURTHER INFORMATION CONTACT: Matthew T. Cornelius, OMB, at 202.881.7386 or [email protected]. SUPPLEMENTARY INFORMATION: The Office of Management and Budget (OMB) is proposing guidance to Federal agencies on the publication and implementation of Vulnerability Disclosure Policies (VDPs). VDPs, which are processes for the intake and addressing of security vulnerabilities uncovered by security researchers and the public, are among the most effective methods for obtaining new insights regarding security vulnerability information. They also provide protection for those who uncover these vulnerabilities by differentiating between acceptable and unacceptable means of gathering security information (also known as ``authorizing good faith security research''). VDPs make it easier for the security research community to report vulnerabilities to appropriate agency contacts, who can then use the reports to address vulnerabilities of which they may not have been aware. Authority for this notice is granted under the Federal Information Security Modernization Act of 2014 (44 U.S.C. 3553-3554). Suzette Kent, Federal Chief Information Officer, Office of the Federal Chief Information Officer. [FR Doc. 2019-25715 Filed 11-26-19; 8:45 am] BILLING CODE 3110-05-P