X-VDP Informational
Operate a Vulnerability Disclosure Capability
Official citation: SECURE Technology Act / NIST 800-216
Class: informational · Severity: low
Statement of the obligation — verify against source
SECURE Technology Act / NIST 800-216
What it means
A vulnerability disclosure program is the front door for outside researchers to tell you about flaws safely. Federal policy increasingly expects one, and it is fast becoming a baseline expectation in federal contracts.
Required by
- SECURE Tech Act — Pub. L. 115-390
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.