U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-216

Recommendations for Federal Vulnerability Disclosure Guidelines

Date Published: May 2023

Planning Note (5/24/2023): Send inquiries about this publication to sp800-216-comments@nist.gov.


Kim Schaffer (NIST), Peter Mell (NIST), Hung Trinh (NIST), Isabel Van Wyk (NIST)



advisory; Federal Coordination Body; findings report; source vulnerability report; vulnerability communication; Vulnerability Disclosure; Vulnerability Disclosure Policy; Vulnerability Disclosure Program Office; vulnerability processing; vulnerability tracking
Control Families

None selected


SP 800-216 (DOI)
Local Download

Supplemental Material:
None available

Document History:
06/07/21: SP 800-216 (Draft)
05/24/23: SP 800-216 (Final)


Security and Privacy
threats; vulnerability management

Laws and Regulations
Internet of Things Cybersecurity Improvement Act