Lindsey Graham

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a final directive requiring all federal agencies to develop and publish cyber vulnerability disclosure policies.

The directive, which is the finalized version of a draft order published by CISA in November, is intended to make it easier for the public to disclose cybersecurity vulnerabilities to federal agencies and what types of communication to expect after reporting the issue.

“Cybersecurity is strongest when the public is given the ability to contribute, and a key component to receiving cybersecurity help from the public is to establish a formal policy that describes how to find and report vulnerabilities legally,” Bryan Ware, assistant director for Cybersecurity at CISA, said in a statement.