Schaffer, K.
, Mell, P.
, Trinh, H.
and Van Wyk, I.
(2023),
Recommendations for Federal Vulnerability Disclosure Guidelines, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-216, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936658
(Accessed October 9, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Recommendations for Federal Vulnerability Disclosure Guidelines
Published
Author(s)
, , ,
Abstract
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities. This document recommends guidance for establishing a federal vulnerability disclosure framework, properly handling vulnerability reports, and communicating the mitigation and/or remediation of vulnerabilities. The framework allows for local resolution support while providing federal oversight and should be applied to all software, hardware, and digital services under federal control.Citation
Special Publication (NIST SP) - 800-216
Report Number
800-216
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
advisory, Federal Coordination Body, findings report, source vulnerability report, vulnerability communication, Vulnerability Disclosure, Vulnerability Disclosure Policy, Vulnerability Disclosure Program Office, vulnerability processing, vulnerability tracking.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created May 24, 2023