[open-regulatory-compliance] FYI: US Vulnerability Reporting Requirements based on IEC 29147 and 30111 are coming

FYI – The US is aligning procurement regulations with IEC 29147 and 30111

(2) to the maximum extent practicable, be aligned with industry best practices and Standards 29147 and 30111 of the International Standards Organization (or any successor standard) or any other appropriate, relevant, and widely used standard.

https://www.congress.gov/bill/119th-congress/house-bill/872/text

NIST Guidance already follows IEC 29147 and 30111, per NIST SP 800-161 RA-5;

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-upd1.pdf

The CISA Software Acquisition Guide also adopts NIST Guidance following IEC 29147 (see Vulnerability Management Section);

https://www.cisa.gov/sites/default/files/2024-07/PDM24050%20Software%20Acquisition%20Guide%20for%20Government%20Enterprise%20ConsumersV2_508c.pdf

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.™

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788
