Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-216

Recommendations for Federal Vulnerability Disclosure Guidelines

Date Published: May 2023

Planning Note (05/24/2023): Send inquiries about this publication to


Kim Schaffer (NIST), Peter Mell (NIST), Hung Trinh (NIST), Isabel Van Wyk (NIST)



advisory; Federal Coordination Body; findings report; source vulnerability report; vulnerability communication; Vulnerability Disclosure; Vulnerability Disclosure Policy; Vulnerability Disclosure Program Office; vulnerability processing; vulnerability tracking
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
06/07/21: SP 800-216 (Draft)
05/24/23: SP 800-216 (Final)


Security and Privacy

threats, vulnerability management

Laws and Regulations

Internet of Things Cybersecurity Improvement Act