This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST has been tasked with creating guidelines for reporting, coordinating, publishing, and receiving information about security vulnerabilities, as part of the Internet of Things Cybersecurity Improvement Act of 2020, Public Law 116-207, and in alignment with ISO/IEC 29147 and 30111 whenever practical.
The guidelines address:
Draft Special Publication (SP) 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines, is available for comment, and a link is provided under Publications on this page. SP 800-216 recommends guidance for establishing a federal vulnerability disclosure framework and highlights the importance of properly handling vulnerability reports and ensuring clear communications to minimize or eliminate vulnerabilities. The framework allows for local resolution support while providing federal oversight and should be applied to all software, hardware, and digital services under federal control.
NIST will continue to work with other government agencies – including OMB, DoD and DHS – in order to support a government-wide process of accepting, confirming, analyzing, solving, and deploying vulnerability disclosures.
Please send comments to NIST-Federal-Vulnerability-Disclosure-Guidance-Feedback@nist.gov