CISA Finalized Directive on Vulnerability Disclosure Policies, Congressman Says 

NextGov: In November, the Cybersecurity and Infrastructure Security Agency issued a draft directive that would require civilian agencies to work with security researchers to find vulnerabilities on their websites. The policy is now final, according to Rep. Jim Langevin, D-R.I.

“CISA has finalized their BOD 20-01 and it is coordinating with [the Office of Management and Budget] on issuance,” Langevin said in an interview with Nextgov. “The current plan is for OMB to release their policy first, followed by CISA's directive shortly thereafter.”

Read article