In the pursuit to “transform the vulnerability management landscape,” CISA provides machine readable security advisories using the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard for Industrial Control Systems (ICS), Operational Technology (OT), and Medical Devices. By providing machine-readable advisories using CSAF v2.0, vendors and providers of software and hardware can join CISA and many other leading organizations in taking proactive steps to enable automation and help to reduce the time required for enterprises to understand organizational impact and drive timely remediation.
The purpose of this repository is to provide CSAF security advisories for ICS, OT, and Medical Devices. CSAF advisories are provided alongside every new ICS Advisory, including those dating back to 2017.
CSAF is a standard for machine-readable security advisories developed by the OASIS CSAF Technical Committee. CSAF enables individuals and organizations to successfully disclose and consume security advisories in machine-readable format. The standard also specifies the distribution and discovery of CSAF documents. The CSAF Security Advisory files found in this repositroy were designed following the CSAF v2.0 standard published by OASIS Open.
Please submit issues to the Issues Tracker of the CSAF repository with any comments or questions.
For details of CISA's CSAF Trusted Provider Role, including Public PGP key, visit CISA CSAF Provider Metadata.