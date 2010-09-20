A new Cybersecurity and Infrastructure Security Agency (CISA) mandate requires U.S. agencies to implement vulnerability-disclosure policies by March 2021.

The U.S. government's cybersecurity agency CISA has issued a mandate that requires federal agencies to implement vulnerability-disclosure policies (VDPs) by March 2021.

The main purpose of vulnerability-disclosure policies is to ensure that required information, other than confidential business information, is disclosed to the public and shared with relevant parties in a timely, accurate, complete, understandable, convenient and affordable manner.

The move aims at providing government agencies a formal mechanism to receive from security researchers and white-hat hackers reports of vulnerabilities on their infrastructure.

Vulnerability-disclosure policies allow enhancing the resiliency of the government's infrastructure by encouraging meaningful collaboration between federal agencies and the public.