| [open-regulatory-compliance] FYI: US Vulnerability Reporting Requirements based on IEC 29147 and 30111 are coming |
FYI – The US is aligning procurement regulations with IEC 29147 and 30111 (2) to the maximum extent practicable, be aligned with industry best practices and Standards 29147 and 30111 of the International Standards Organization (or any successor standard) or any other appropriate, relevant, and widely used standard. https://www.congress.gov/bill/119th-congress/house-bill/872/text NIST Guidance already follows IEC 29147 and 30111, per NIST SP 800-161 RA-5; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-upd1.pdf The CISA Software Acquisition Guide also adopts NIST Guidance following IEC 29147 (see Vulnerability Management Section); Thanks, Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership Never trust software, always verify and report! ™ Risk always exists, but trust must be earned and awarded.™ https://businesscyberguardian.com/ Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx Tel: +1 978-696-1788 |
