Recommendations for Federal Vulnerability Disclosure Guidelines

Published

Author(s)

Kim B. Schaffer, Peter Mell, Hung Trinh, Isabel Van Wyk

Abstract

Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities. This document recommends guidance for establishing a federal vulnerability disclosure framework, properly handling vulnerability reports, and communicating the mitigation and/or remediation of vulnerabilities. The framework allows for local resolution support while providing federal oversight and should be applied to all software, hardware, and digital services under federal control.
Citation

Special Publication (NIST SP) - 800-216

Report Number

800-216

Keywords

advisory, Federal Coordination Body, findings report, source vulnerability report, vulnerability communication, Vulnerability Disclosure, Vulnerability Disclosure Policy, Vulnerability Disclosure Program Office, vulnerability processing, vulnerability tracking.

Citation

Schaffer, K., Mell, P., Trinh, H. and Van Wyk, I. (2023), Recommendations for Federal Vulnerability Disclosure Guidelines, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-216, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936658 (Accessed March 3, 2024)
Created May 24, 2023