In our pursuit to “transform the vulnerability management landscape,” CISA is excited to announce that our security advisories for industrial control systems (ICS), operational technology (OT), and medical devices now include the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard.
In the current risk environment, organizations are challenged to manage the growing number and complexity of new vulnerabilities. A critical step in helping organizations achieve better efficiency in triaging and prioritizing vulnerability management efforts is introducing greater automation into the ecosystem. CSAF supports automation of the production, distribution, and consumption of security advisories — reducing the time between when vulnerabilities are disclosed and when businesses remediate them and enabling future tooling for automated vulnerability information sharing.