A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems. The directive, which is a compulsory order for federal departments and agencies, is in a draft phase and remains open for public comment until Dec. 27. Security experts hope that the directive will light a fire under the feet of federal agencies to create more transparency around the ins and outs of vulnerability disclosure, as well as increase trust overall between the government and security communities.
Source: https://threatpost.com/cisa-us-agencies-vulnerability-disclosure-policies/150718/