Publication of CVE Issuance Policy, v1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to publicly document its common vulnerability and exposure (CVE) issuance policies and to encourage CVE filing for lower-severity vulnerabilities.
Assessment Step
1
Publication of CVE Issuance Policy (PublicationofCVEIssuancePolicy)
Does the organization publicly document its common vulnerability and exposure (CVE) issuance policies and also encourage CVE filing for lower-severity vulnerabilities?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1)
Publication of CVE Issuance Policy
The organization must publicly document its common vulnerability and exposure (CVE) issuance policies and also encourage CVE filing for lower-severity vulnerabilities.
Citation
SBDP
(doc)