The Department of Homeland Security’s (DHS) cybersecurity agency on Wednesday issued a draft order that would require federal agencies to increase protections against cyber vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) asked for public comment on a draft directive requiring government agencies to develop and publish cyber vulnerability disclosure policies.
“A vulnerability disclosure policy facilitates an agency’s awareness of otherwise unknown vulnerabilities,” CISA wrote in the draft order. “It commits the agency to authorize good faith security research and respond to vulnerability reports, and sets expectations for reporters.”