Office of Management and Budget.
Notice of public comment period.
The Office of Management and Budget (OMB) is seeking public comment on a draft memorandum titled, “Improving Vulnerability Identification, Management, and Remediation.”
The 30-day public comment period on the draft memorandum begins on the day it is published in the Federal Register and ends 30 days after date of publication in the Federal Register.
Interested parties should provide comments via electronic mail to email@example.com. The Office of Management and Budget is located at 725 17th Street NW, Washington, DC 20503. No physical copies will be accepted.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Matthew T. Cornelius, OMB, at 202.881.7386 or firstname.lastname@example.org.
End Further Info
Start Supplemental Information
The Office of Management and Budget (OMB) is proposing guidance to Federal agencies on the publication and implementation of Vulnerability Disclosure Policies (VDPs). VDPs, which are processes for the intake and addressing of security vulnerabilities uncovered by security researchers and the public, are among the most effective methods for obtaining new insights regarding security vulnerability information. They also provide protection for those who uncover these vulnerabilities by differentiating between acceptable and unacceptable means of gathering security information (also known as “authorizing good faith security research”). VDPs make it easier for the security research community to report vulnerabilities to appropriate agency contacts, who can then use the reports to address vulnerabilities of which they may not have been aware.
Authority for this notice is granted under the Federal Information Security Modernization Act of 2014 (44 U.S.C. 3553-3554).
End Supplemental Information
Federal Chief Information Officer, Office of the Federal Chief Information Officer.
[FR Doc. 2019-25715 Filed 11-26-19; 8:45 am]
BILLING CODE 3110-05-P