
CISA’s Coordinated Vulnerability Disclosure Process

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) runs a program that coordinates the disclosure of cybersecurity vulnerabilities in products and services. This includes new vulnerabilities in industrial control systems (a subset of operational technologies), Internet of Things and medical devices, as well as information technology.

The goal of CISA’s CVD (Coordinated Vulnerability Disclosure) program is to ensure that CISA, the affected vendor(s) and/or the process includes the following steps:

1. Collection: CISA conducts a vulnerability analysis, monitoring information and reports. After completing an analysis, the agency compiles this information.

2. Analysis: technology suppliers and CISA work to understand the vulnerabilities and evaluate the risk they pose.

3. Mitigation Coordination: the next step includes development of mitigation measures, including the issuance of patches or updates. 

4. Application of Mitigation: CISA may also work with vendors to produce, test and disseminate mitigation strategies prior to public disclosure.

5. Disclosure: users are notified about the vulnerability via multiple open channels. Vulnerability reports can be anonymously submitted.