Ranking Members Thompson and Lofgren Request GAO Review of CVE and NVD Federal Cybersecurity Programs
(WASHINGTON) – Today, Committee on Homeland Security Ranking Member Bennie G. Thompson (D-MS) and Committee on Science, Space and Technology Ranking Member Zoe Lofgren (D-CA) announced they sent a letter to the Government Accountability Office (GAO) to request it conduct a review of the federal cybersecurity programs designed to support vulnerability management for discovered vulnerabilities and weaknesses in information technology systems and specifically assess the effectiveness of Cybersecurity & Infrastructure Security Agency’s (CISA) Common Vulnerabilities and Exposures (CVE) program and National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD).
“As we have become more reliant on technology and digital infrastructure, the number of discovered vulnerabilities has exponentially increased,” the Ranking Members wrote. “Every day, our citizens, our critical infrastructure operators, and our federal, state, and local governments have to mitigate these vulnerabilities and defend against hundreds of thousands of potential cyberattacks. These come from criminals who take advantage of vulnerable people; foreign actors who threaten our critical infrastructure, and hackers who try to destabilize American businesses.”
“Both the CVE program and the NVD program have faced significant challenges in recent years. In early 2024, funding challenges at NIST resulted in a backlog of thousands of vulnerabilities in the NVD, a backlog that persists to this day,” the Ranking Members added. “Further, a recent near-lapse of CISA’s contract supporting the CVE program brought to light the security community’s reliance on this program and the need to ensure its continuity.”
Given the programs’ important role in ensuring our nation’s cybersecurity, the Ranking Members are asking GAO to review to ensure their efficiency, effectiveness, and longevity.
# # #
Media contact
Next Article Previous Article