The Cybersecurity and Infrastructure Security Agency has implemented the updated version of the OASIS Common Security Advisory Framework standard for its security advisories for industrial control systems, operational technology and medical devices.
CISA said Friday the CSAF Version 2.0 standard enables organizations to automate the production and distribution of machine-readable security advisories to enable rapid response to system vulnerabilities.
The agency also anticipates its shift to the CSAF format will expedite the automation of the drafting and publication process for its other vulnerability response and coordination initiatives.
The ICS CSAF advisories will be available directly via CSA’s GitHub CSAF repository and alongside human-readable advisories including those released in 2017.
In November 2022, Eric Goldstein, executive assistant director for cybersecurity at CISA, said that CSAF is one of the components of the agency’s strategy to help improve defenses against software and hardware weaknesses.
Join the Potomac Officers Club’s 2023 Homeland Security Summit on Nov. 15 to learn about the U.S. government’s national security priorities and initiatives. Click here to register for the highly anticipated event.