[Federal Register Volume 84, Number 229 (Wednesday, November 27, 2019)]
[Notices]
[Page 65424]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-25715]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


Request for Comments on Improving Vulnerability Identification, 
Management, and Remediation

AGENCY: Office of Management and Budget.

ACTION: Notice of public comment period.

-----------------------------------------------------------------------

SUMMARY: The Office of Management and Budget (OMB) is seeking public 
comment on a draft memorandum titled, ``Improving Vulnerability 
Identification, Management, and Remediation.''

DATES: The 30-day public comment period on the draft memorandum begins 
on the day it is published in the Federal Register and ends 30 days 
after the date of publication in the Federal Register.

ADDRESSES: Interested parties should provide comments via electronic 
mail to [email protected]. The Office of Management and Budget is 
located at 725 17th Street NW, Washington, DC 20503. No physical copies 
will be accepted.

FOR FURTHER INFORMATION CONTACT: Matthew T. Cornelius, OMB, at 
202.881.7386 or [email protected].

SUPPLEMENTARY INFORMATION: The Office of Management and Budget (OMB) is 
proposing guidance to Federal agencies on the publication and 
implementation of Vulnerability Disclosure Policies (VDPs). VDPs, which 
are processes for the intake and addressing of security vulnerabilities 
uncovered by security researchers and the public, are among the most 
effective methods for obtaining new insights regarding security 
vulnerability information. They also provide protection for those who 
uncover these vulnerabilities by differentiating between acceptable and 
unacceptable means of gathering security information (also known as 
``authorizing good faith security research''). VDPs make it easier for 
the security research community to report vulnerabilities to 
appropriate agency contacts, who can then use the reports to address 
vulnerabilities of which they may not have been aware.
    Authority for this notice is granted under the Federal Information 
Security Modernization Act of 2014 (44 U.S.C. 3553-3554).

Suzette Kent,
Federal Chief Information Officer, Office of the Federal Chief 
Information Officer.
[FR Doc. 2019-25715 Filed 11-26-19; 8:45 am]
BILLING CODE 3110-05-P