Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an extension of an information collection request for “Vulnerability Discovery Program” (OMB Control Number: 1601-0028). DHS submitted the extension request for this ICR after OIRA approved a short-term revision of the ICR to allow the DHS VDP form to be used by other (undesignated) agencies of the Federal government to support those agencies in responding to the DHS Binding Operational Directive 20-01. The 60-day extension notice for this ICR was published in March 2021.
The Federal government has been using the DHS VDP reporting
form for just a little over a year now. It would be interesting to see how many
agencies are using the reporting form and how many have reached an agreement
with DHS to have DHS manage their VDP program. This would be an interesting
topic for a GAO or CRS report, if any congressional staffers are reading this.
For more details on the DHS response to public comments on
their 60-day ICR notice, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/omb-approves-dhs-vulnerability-reporting
- subscription required.
Posts
No comments:
Post a Comment