Vulnerability Reporting Channel and Public Disclosure, v1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide a clear vulnerability reporting channel for its products and services, and also to allow public disclosure of discovered vulnerabilities in accordance with coordinated disclosure standards.
Assessment Step 1: Vulnerability Reporting Channel and Public Disclosure (VulnerabilityReportingChannelandPublicDisclosure)
Does the organization provide a clear vulnerability reporting channel for its products and services, and also allow public disclosure of discovered vulnerabilities in accordance with coordinated disclosure standards?
Artifact A1: Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1): Vulnerability Reporting Channel and Public Disclosure
The organization must provide a clear vulnerability reporting channel for its products and services, and also allow public disclosure of discovered vulnerabilities in accordance with coordinated disclosure standards.
Citation: SBDP (doc)