Federal Information Security Modernization Act (FISMA) 2023

The head of each federal agency must develop and make publicly available a vulnerability disclosure policy for their agency - clearly defining a scope and directions for how to submit informaiton. The head of each agency should coordinate with the Director of CISA in creating the policy. Agencies should not puruse legal action against submitters that made a "good faith effort" to idenitify a vulnerability and report it. The legislation does not apply to national security systems.