Draft NIST Special Publication 800-216 1 2 Recommendations for Federal 3 Vulnerability Disclosure Guidelines 4 5 Kim Schaffer 6 Peter Mell 7 Hung Trinh 8 9 10 11 12 This publication is available free of charge from: 13 https://doi.org/10.6028/ NIST.SP.800- 216-draft 14 15 16 17 18 Draft NIST Special Publication 800-216 19 20 Recommendations for Federal 21 Vulnerability Disclosure Guidelines 22 23 Kim Schaffer 24 Peter Mell 25 Hung Trinh 26 Computer Security Division 27 Information Technology Laboratory 28 29 30 31 32 33 34 35 This publication is available free of charge from: 36 https://doi.org/10.6028/ NIST.SP.800- 216-draft 37 38 June 2021 39 40 41 42 43 44 U.S. Department of Commerce 45 Gina M. Raimondo, Secretary 46 47 National Institute of Standards and Technology 48 James K. Olthoff , Performing the Non -Exclusive Functions and Duties of the Under Secretary of Commerce 49 for Standards and Technology & Director, National Institute of Standards and Technology 50 NIST SP 800-216 (DRAFT) FEDERAL VULNERABILITY DISCLOSURE GUIDELINES i Authority 51 This publication has been developed by NIST in accordance with its statutory responsibilities under the 52 Federal Information Security Modernization Act (FISMA) of 2014 , 44 U.S.C. § 3551 et seq., Public Law 53 (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including 54 minimum requirements for federal information systems, but such standards and guidelines shall not apply 55 to national security systems without the express approval of appropriate federal officials exercising policy 56 authority over such systems. This guideline is consistent with the requirements of the Office of Management 57 and Budget (OMB) Circular A-130. 58 Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and 59 binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these 60 guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, 61 Director of the OMB, or any other federal official. This publication may be used by nongovernmental 62 organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, 63 however, be appreciated by NIST. 64 National Institute of Standards and Technology Special Publication 800-216 65 Natl. Inst. Stand. Technol. Spec. Publ. 800-216, 39 pages (June 2021) 66 CODEN: NSPUE2 67 This publication is available free of charge from: 68 https://doi.org/10.6028/ NIST.SP.800 -216-draft 69 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 70 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 71 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 72 available for the purpose. 73 There may be references in this publication to other publications currently under development by NIST in accordance 74 with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, 75 may be used by federal agencies even before the completion of such companion publications. Thus, until each 76 publication is completed, current requirements, guideline s, and procedures, where they exist, remain operative. For 77 planning and transition purposes, federal agencies may wish to closely follow the development of these new 78 publications by NIST. 79 Organizations are encouraged to review all draft publications