How Homeland Security plans to secure government websites – By Andrew Eversden (Federal Times) / Nov 27 2019
The Department of Homeland Security’s cyber agency is issuing a draft directive that would require individual federal agencies to establish vulnerability disclosure programs (VDPs).
The Cybersecurity and Infrastructure Security Agency released a draft binding operational directive for comment Nov. 27 that would require federal agencies to improve their cybersecurity through VDPs, under which security researchers can report vulnerabilities in federal government websites.
In a blog post, CISA’s Assistant Director of Cybersecurity Jeanette Manfra said that this is the first time CISA has sought public feedback on a directive.
“This directive is slightly different from others we’ve issued, where agencies are directed to take an action and then CISA verifies the action has taken place,” wrote Manfra, who is leaving for the private sector in the new year. “Here, while agencies must maintain VDPs and are the beneficiaries of vulnerability reports, it’s the public that will provide those reports and will be the true beneficiaries of vulnerability remediation.”
The draft directive was published in tandem with a notice in the Federal Register from the Office of Management and Budget requesting comment on a draft memorandum, titled “Improving Vulnerability Identification, Management, and Remediation.”
Continue to article: https://www.fifthdomain.com/civilian/dhs/2019/11/27/how-homeland-security-plans-to-secure-government-websites/