The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has released a draft binding operational directive that would require federal agencies to have a vulnerability disclosure policy.

Jeanette Manfra, assistant director for cybersecurity at CISA, wrote in a blog post published Wednesday the draft directive would direct each agency to publish a VDP and maintain handling procedures and add at least one system or service to the scope of an agency’s VDP every 90 days.

The Office of Management and Budget also issued a draft policy that would require all federal agencies to publish a VDP within 180 days; come up or update their internal vulnerability handling procedures to meet CISA requirements within 180 days; and use the quarterly Federal Information Security Modernization Act reporting to comply with the requirements.

Under the draft OMB policy, CISA will work with the National Institute of Standards and Technology and the Department of Justice to publish within 60 days immediate measures agencies should take to integrate VDPs into their data security programs. CISA is also required to issue a federal-wide implementation and strategic plan within 150 days to address challenges associated with vulnerability reporting and remediation.

Interested stakeholders have until Dec. 27 to comment on the two draft policies.

The Department of Transportation is requesting public input on how to bolster the capabilities of a newly-formed council tasked with supporting emerging transportation technologies.

DOT said Tuesday it released a request for comments to gather suggestions on topics, projects or issues the Non-Traditional and Emerging Transportation Council should consider to better respond to the growing needs of the public and industry. 

NETT Council was formed in March to provide companies a single access point to talk to DOT about their plans and proposals, develop a streamlined process for securing approval and funding and coordinate oversight of transportation projects.

Transportation Secretary Elaine Chao said the council is also developed to “provide a common portal to the department’s decentralized modes to better engage with new technologies which are cross-modal.”

Responses to the RFC are due Jan. 10, 2020.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has launched a campaign to increase awareness about potential online shopping scams and other malicious activities ahead of the holiday shopping season. 

CISA said Tuesday it created a new section on its website that lays out precautionary measures when buying gifts on the internet, including ensuring devices are updated, verifying the authenticity of online outlets and using safe methods for purchases. 

The holiday season gives cybercriminals the opportunity to take advantage of unsuspecting online shoppers, Christopher Krebs, director of CISA and a 2019 Wash100 awardee, said in a video message posted on the website. 

“The good news is you don’t need to be a cybersecurity pro to defend yourself. It’s often the simple things that make a big difference in protecting yourself and your family from cyber threats and scams,” Krebs added.

CISA intends to release additional resources and safety information next month to promote secure online shopping. 

The Small Business Administration has released a final rule that amends Historically Underutilized Business Zone Program regulations in a move to expand investment and contracting opportunities for companies that want to do business with the government.

The new rule, which takes effect Dec. 26, will allow some entities to maintain HUBZone certification for 10 years and vie for task orders under a multiple-award contract upon meeting specific requirements, SBA said Tuesday.

HUBZone maps will receive updates every five years from the Census Bureau and the departments of Labor and Housing and Urban Development. Additionally, employees residing in HUBZones and overseas on a temporary basis may retain their residency status.

“The exciting improvements outlined in this rule were designed to address longstanding uncertainty from both small businesses contemplating an investment in a designated HUBZone, as well as government agencies which seek to use HUBZone companies,” said Chris Pilkerton, acting administrator of SBA.

SBA added it plans to expand the Early Engagement Initiative to help certification applicants prepare for procurement opportunities through SBA district offices, technical assistance centers and small business development facilities.