Friday, January 9, 2026

OMB Approves New CISA KEV ICR

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a new information collection request (1670-0056) from CISA for an “Actively Exploited Vulnerability Form”. The ICR was submitted to OIRA on August 22nd, 2025. The 60-day ICR notice was published on February 29th, 2024.

According to the Abstract on the new ICR:

“CISA is responsible for performing coordinated Vulnerability Disclosure, which may originate outside the United States Government (USG) network/community and affect users within it or originate within the USG community and affect users outside of it. Often, therefore, the effective handling of security incidents relies on information sharing among individual users, industry, and the USG, which may be facilitated by and through CISA. A dedicated form on the CISA website will allow for external reporting of vulnerabilities that the reporting entity believes to be Known Exploited Vulnerabilities (KEV) eligible. Upon submission, CISA will evaluate the information provided, and then will add to the KEV Catalog, if all KEV requirements are met.”
