WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces the availability of a new Nomination Form today that enables researchers, vendors, and industry partners to report known exploited vulnerabilities (KEV). This new reporting capability enhances CISA’s ability to quickly identify, validate, and share KEVs, critical threat information.
CISA’s KEV Nomination Form aligns with our Vulnerability Disclosure Policy (VDP) Platform and Coordinated Vulnerability Disclosure (CVD) Program, which together encourages good faith security research and promotes transparent, coordinated remediation of cyber risks. Public reporting to CISA is essential to the nation’s cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical infrastructure networks.
“Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” said Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.”
The KEV catalog is an authoritative source of vulnerabilities that have been confirmed as actively exploited with clear remediation guidance. In addition to this new online form, organizations or individuals will still be able to nominate a KEV via email at [email protected].
Organizations and researchers can access the KEV catalog and submit information through: CISA.gov/known-exploited-vulnerabilities-catalog.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to our digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram