nm3clol-archived-osmre.gov/mirror/www.osmre.gov/vulnerability-disclosure-policy.html


<!DOCTYPE html>
<html lang="en" dir="ltr">
<!-- Mirrored from www.osmre.gov/vulnerability-disclosure-policy by HTTrack Website Copier/3.x [XR&CO'2014], Thu, 02 May 2024 20:53:36 GMT -->
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=UTF-8" /><!-- /Added by HTTrack -->
<head>
<meta charset="utf-8" />
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-39841921-1"></script>
<script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments)};gtag("js", new Date());gtag("set", "developer_id.dMDhkMT", true);gtag("config", "UA-39841921-1", {"groups":"default","anonymize_ip":true,"page_placeholder":"PLACEHOLDER_page_path"});gtag("config", "G-G355EEB84R", {"groups":"default","page_placeholder":"PLACEHOLDER_page_location"});gtag("config", "GT-TBBPP6M", {"groups":"default","page_placeholder":"PLACEHOLDER_page_location"});</script>
<meta name="Generator" content="Drupal 10 (https://www.drupal.org)" />
<meta name="MobileOptimized" content="width" />
<meta name="HandheldFriendly" content="true" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="icon" href="themes/custom/osmre/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="canonical" href="vulnerability-disclosure-policy.html" />
<link rel="shortlink" href="vulnerability-disclosure-policy.html" />
<title>Vulnerability Disclosure Policy | Office of Surface Mining Reclamation and Enforcement</title>
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/ajax-progress.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/align.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/autocomplete-loading.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/fieldgroup.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/container-inline.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/clearfix.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/details.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/hidden.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/item-list.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/js.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/nowrap.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/position-container.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/progress.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/reset-appearance.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/resize.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/sticky-header.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/system-status-counter.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/system-status-report-counters.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/system-status-report-general-info.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/tabledrag.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/tablesort.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="https://www.osmre.gov/core/modules/system/css/components/tree-child.module.css?scv7cu" />
<link rel="stylesheet" media="all" href="modules/contrib/ds/css/ds-3col-stacked-fluid6878.css?scv7cu" />
<link rel="stylesheet" media="all" href="modules/contrib/dismissible_message_bar/css/dissmissable_message_bar6878.css?scv7cu" />
<link rel="stylesheet" media="all" href="themes/custom/osmre/assets/css/style6878.css?scv7cu" />
<script src="../kit.fontawesome.com/e701cb4bd8.js" crossorigin="anonymous"></script>
<!-- We participate in the US government's analytics program. See the data at analytics.usa.gov. -->
<script async type="text/javascript" src="../dap.digitalgov.gov/Universal-Federated-Analytics-Minf2b9.js?agency=OSMRE" id="_fed_an_ua_tag"></script>
</head>
<body>
<a href="#main-content" class="usa-skipnav">
Skip to main content
</a>
<div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas>
<section class="usa-banner">
<div class="usa-banner">
<div class="usa-accordion">
<header class="usa-banner__header">
<div class="usa-banner__inner">
<div class="grid-col-auto">
<img class="usa-banner__header-flag" src="themes/custom/osmre/assets/uswds/img/us_flag_small.png" alt="U.S. flag">
</div>
<div class="grid-col-fill tablet:grid-col-auto">
<p class="usa-banner__header-text">An official website of the United States government</p>
<p class="usa-banner__header-action" aria-hidden="true">Here's how you know</p>
</div>
<button class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner">
<span class="usa-banner__button-text">Here's how you know</span>
</button>
</div>
</header>
<div class="usa-banner__content usa-accordion__content" id="gov-banner" hidden="">
<div class="grid-row grid-gap-lg">
<div class="usa-banner__guidance tablet:grid-col-6">
<img class="usa-banner__icon usa-media-block__img" src="themes/custom/osmre/assets/uswds/img/icon-dot-gov.svg" alt="Dot gov">
<div class="usa-media-block__body">
<p>
<strong>Official websites use .gov</strong>
<br>
A <strong>.gov</strong> website belongs to an official government organization in the United States.
</p>
</div>
</div>
<div class="usa-banner__guidance tablet:grid-col-6">
<img class="usa-banner__icon usa-media-block__img" src="themes/custom/osmre/assets/uswds/img/icon-https.svg" alt="Https">
<div class="usa-media-block__body">
<p>
<strong>Secure .gov websites use HTTPS</strong>
<br>
A <strong>lock</strong> ( <span class="icon-lock">
<svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-title banner-lock-description" focusable="false">
<title id="banner-lock-title">Lock</title>
<desc id="banner-lock-description">A locked padlock</desc>
<path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/>
</svg>
</span>
) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<section class="site-alert">
<div>
<div id="block-dmbnotificationsblock" class="settings-tray-editable block block-dismissible-message-bar block-dmb-notifications-block" data-drupal-settingstray="editable">
<div><div class="dmb-notifications-ajax-wrapper"></div>
</div>
</div>
</div>
</section>
<div class="usa-overlay"></div>
<header class="usa-header usa-header--extended usa-header--extended-megamenu osmre-header" id="header" role="banner">
<div class="region region-header usa-navbar" role="banner">
<div class="usa-logo site-logo osmre-logo" id="logo">
<em class="usa-logo__text">
<a class="logo-img" href="index.html" accesskey="1" title="Home" aria-label="Home">
<img src="themes/custom/osmre/OSMLogoColor.png" alt="Home" />
</a>
<a href="index.html" accesskey="1" title="Home" aria-label="Home">
<span>U.S. Department of the Interior</span>
Office of Surface Mining Reclamation and Enforcement
</a>
</em>
</div>
<button class="usa-menu-btn">Menu</button>
</div>
<nav class="usa-nav" role="navigation">
<div class="usa-nav__inner">
<button type="button" class="usa-nav__close">
<img src="themes/custom/osmre/assets/uswds/img/usa-icons/close.svg" alt="close"/>
</button>
<ul class="usa-nav__primary usa-accordion osmre-nav__primary" role="navigation">
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-mega-nav-section-1">
<span>About OSMRE</span>
</button>
<div id="extended-mega-nav-section-1" class="usa-nav__submenu usa-megamenu osmre-menu" hidden="">
<div class="osmre-menu-header">
<div class="usa-nav__submenu-item">
<a title="Read about OSMRE" href="about.html">
<span><h3>About OSMRE</h3></span>
</a>
</div>
</div>
<div class="osmre-menu-row">
<div class="">
<div class="usa-nav__submenu-item">
<a title="OSMRE Contacts" class="usa-nav__link" href="about/general-information.html">
<span><strong>General Information</strong></span>
</a>
</div>
<ul id="basic-nav-section-1" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="contact-us/map.html" title="OSMRE Map" >
<span>OSMRE Map</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="contact-us/state-tribal-contacts.html" title="State &amp; Tribal Contacts" >
<span>State and Tribal Contacts</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a title="Our Mission and Vision Statements" class="usa-nav__link" href="about/mission-and-vision.html">
<span><strong>Mission &amp; Vision</strong></span>
</a>
</div>
<ul id="basic-nav-section-2" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="about/history.html" title="OSMRE History" >
<span>History</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a title="OSMRE Offices" class="usa-nav__link" href="about/offices.html">
<span><strong>Offices and Organizations</strong></span>
</a>
</div>
<ul id="basic-nav-section-3" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="about/principal-deputy-director.html" title="OSMRE Principal Deputy Director" >
<span>OSMRE Principal Deputy Director</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="about/deputy-director.html" title="Deputy Director of OSMRE" >
<span>OSMRE Deputy Director</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="about/youth-volunteers.html" title="Information for Youth and Volunteers" >
<span>Volunteers and Internships</span>
</a>
</li>
</ul>
</div>
</div>
</div>
</li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-mega-nav-section-2">
<span>Programs</span>
</button>
<div id="extended-mega-nav-section-2" class="usa-nav__submenu usa-megamenu osmre-menu" hidden="">
<div class="osmre-menu-header">
<div class="usa-nav__submenu-item">
<a title="OSMRE&#039;s main programs" href="programs.html">
<span><h3>Programs</h3></span>
</a>
</div>
</div>
<div class="osmre-menu-row">
<div class="">
<div class="usa-nav__submenu-item">
<a title="Reclaiming Abandoned Mine Lands" class="usa-nav__link" href="programs/reclaiming-abandoned-mine-lands.html">
<span><strong>Reclaiming Abandoned Mine Lands</strong></span>
</a>
</div>
<ul id="basic-nav-section-1" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="programs/abandoned-mine-land-awards-program.html" title="AML Awards" >
<span>Abandoned Mine Land (AML) Awards</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/reclaiming-abandoned-mine-lands/amler.html" >
<span>AML Economic Revitalization (AMLER) Program</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/reclaiming-abandoned-mine-lands/amdtreat.html" title="AMDTreat" >
<span>AMDTreat</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/reclamation-in-action.html" title="Reclamation in Action" >
<span>Reclamation in Action</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/e-amlis.html" title="e-AMLIS" >
<span>e-AMLIS</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a title="Regulating Active Coal Mines" class="usa-nav__link" href="programs/regulating-active-coal-mines.html">
<span><strong>Regulating Active Coal Mines</strong></span>
</a>
</div>
<ul id="basic-nav-section-2" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/excellence-in-surface-coal-mining-reclamation-awards.html" title="Active Mine Awards" >
<span>Excellence in Surface Coal Mining Reclamation Awards</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="avs.html" title="Applicant Violator System" >
<span>Applicant Violator System</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/blasting.html" title="Blasting " >
<span>Blasting </span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="https://sscr.osmre.gov/" title="Coal Reclamation Fee Report" >
<span>Coal Reclamation Fee Report</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/compliance-management.html" title="Compliance Management" >
<span>Compliance Management</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/chia.html" title="Cumulative Hydrologic Impact Assessment" >
<span>Cumulative Hydrologic Impact Assessment</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/federal-lands.html" >
<span>Federal Lands</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/indian-lands.html" >
<span>Indian Lands</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="https://www.odocs.osmre.gov/" title="Oversight Document Database (O-Docs)" >
<span>Oversight Document Database (O-Docs)</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/regulating-active-coal-mines/oversight.html" title="Oversight" >
<span>State and Tribal Oversight</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a title="Technology Development and Transfer Program" class="usa-nav__link" href="programs/technology-and-transfer-program.html">
<span><strong>Technology Development and Transfer Program</strong></span>
</a>
</div>
<ul id="basic-nav-section-3" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="programs/science.html" title="Science" >
<span>Science</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/technology.html" title="Technology" >
<span>Technology</span>
</a>
</li>
<li class="usa-nav__submenu-item">
<a href="programs/training.html" title="OSMRE Training" >
<span>Training</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="programs/arri.html" title="Appalachian Region Reforestation Initiative (ARRI)" >
<span>Appalachian Regional Reforestation Initiative</span>
</a>
</div>
</div>
</div>
</div>
</li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-mega-nav-section-3">
<span>Laws &amp; Regulations</span>
</button>
<div id="extended-mega-nav-section-3" class="usa-nav__submenu usa-megamenu osmre-menu" hidden="">
<div class="osmre-menu-header">
<div class="usa-nav__submenu-item">
<a title="OSMRE&#039;s Laws and Regulations" href="laws-and-regulations.html">
<span><h3>Laws &amp; Regulations</h3></span>
</a>
</div>
</div>
<div class="osmre-menu-row">
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/authorizations-to-proceed.html" title="The process in which individual projects are requested and approved is called the Authorization to Proceed (ATP)." >
<span>Authorizations to Proceed</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="bil.html" title="Infrastructure Investment and Jobs Act" >
<span>Infrastructure Investment and Jobs Act</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/chronology-of-major-smrca-related-events.html" title="Chronology of Major SMCRA-Related Events " >
<span>Chronology of Major SMCRA-Related Events</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/directives.html" title="Directives" >
<span>Directives</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/environmental-justice.html" title="Environmental Justice" >
<span>Environmental Justice</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/federal-register-notices.html" title="Federal Register Documentation" >
<span>Federal Register Notices</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/information-quality.html" title="Information Quality " >
<span>Information Quality </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a title="National Environmental Policy Act" class="usa-nav__link" href="laws-and-regulations/nepa.html">
<span><strong>National Environmental Policy Act (NEPA)</strong></span>
</a>
</div>
<ul id="basic-nav-section-8" class="usa-nav__submenu-list">
<li class="usa-nav__submenu-item">
<a href="laws-and-regulations/nepa/projects.html" >
<span>NEPA Projects and Documentation</span>
</a>
</li>
</ul>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="laws-and-regulations/scientific-integrity.html" title="Scientific Integrity " >
<span>Scientific Integrity </span>
</a>
</div>
</div>
</div>
</div>
</li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link usa-current" aria-expanded="false" aria-controls="extended-mega-nav-section-4">
<span>Resources</span>
</button>
<div id="extended-mega-nav-section-4" class="usa-nav__submenu usa-megamenu osmre-menu" hidden="">
<div class="osmre-menu-header">
<div class="usa-nav__submenu-item">
<a title="OSMRE&#039;s Resources and Documents" href="resources.html">
<span><h3>Resources</h3></span>
</a>
</div>
</div>
<div class="osmre-menu-row">
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/a-z-index.html" title="A-Z Index " >
<span>A-Z Index </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/annual-reports.html" title="Annual Reports " >
<span>Annual Reports </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/budget-and-planning.html" title="Budget and Planning" >
<span>Budget and Planning</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/careers.html" title="Information for Prospective Employees " >
<span>Careers at OSMRE</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/coalex-reports.html" title="Coalex Reports " >
<span>Coalex Reports </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/education-outreach.html" title="Education &amp; Outreach" >
<span>Education &amp; Outreach</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/federal-assistance-manual.html" title="Federal Assistance Manual (FAM)" >
<span>Federal Assistance Manual</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/forms.html" title="Forms, Applications, and Instructions" >
<span>Forms, Applications, and Instructions</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/faqs.html" title="FAQs" >
<span>Frequently Asked Questions</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/glossary.html" title="Glossary " >
<span>Glossary </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/grants-resources.html" title="Grants an" >
<span>Grants and Funding Opportunities</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/reclamation-bonds.html" title="Reclamation Bonds " >
<span>Reclamation Bonds </span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/sustainability.html" title="OSMRE Sustainable Procurement Plan (SPP)" >
<span>Sustainability</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="resources/tribal-consultation.html" >
<span>Tribal Consultation</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="vulnerability-disclosure-policy.html" title="Vulnerability Disclosure Policy" >
<span>Vulnerability Disclosure Policy</span>
</a>
</div>
</div>
</div>
</div>
</li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-mega-nav-section-5">
<span>Newsroom</span>
</button>
<div id="extended-mega-nav-section-5" class="usa-nav__submenu usa-megamenu osmre-menu" hidden="">
<div class="osmre-menu-header">
<div class="usa-nav__submenu-item">
<a title="News and communications from the Office of Surface Mining Reclamation and Enforcement." href="news/newsroom.html">
<span><h3>Newsroom</h3></span>
</a>
</div>
</div>
<div class="osmre-menu-row">
<div class="">
<div class="usa-nav__submenu-item">
<a href="news/archive.html" title="OSMRE&#039;s News Archive" >
<span>Archive</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="newsroom/fact-sheets.html" title="OSMRE Fact Sheets" >
<span>Fact Sheets</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="news.html" title="Most Recent OSMRE News Releases" >
<span>News Releases</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="news/social-media.html" title="Join the conversation with OSMRE on social media" >
<span>Social Media</span>
</a>
</div>
</div>
<div class="">
<div class="usa-nav__submenu-item">
<a href="news/stories.html" title="Stories" >
<span>Stories</span>
</a>
</div>
</div>
</div>
</div>
</li>
</ul>
<div class="usa-nav__secondary">
<form class="usa-search usa-search--small" action="https://www.osmre.gov/search/node" method="get" id="search-block-form" accept-charset="UTF-8">
<div role="search">
<input class="usa-input" id="extended-search-field-small" type="search" name="keys" />
<button class="usa-button" type="submit">
<img
src="themes/custom/osmre/assets/uswds/img/usa-icons-bg/search--white.svg"
class="usa-search__submit-icon"
alt="Search" />
</button>
</div>
</form>
<ul class="usa-nav__secondary-links">
<li class="usa-nav__secondary-item">
<a title="Definitions for vocabulary found on OSMRE.gov" href="resources/a-z-index.html">
A-Z Index
</a>
</li>
</ul>
</div>
</div>
</nav>
</header>
<main class="main-content usa-layout-docs usa-section osmre-section" role="main"
id="main-content">
<a id="main-content" tabindex="-1"></a>
<div class="grid-container">
<div class="grid-row">
</div>
<div class="">
<div data-drupal-messages-fallback class="hidden"></div>
</div>
<div class="grid-row grid-gap osmre-row">
<aside
class="usa-layout-docs__sidenav desktop:grid-col-3 layout-sidebar-first osmre-sidebar-first"
role="complementary">
<div id="block-resourcesmenu" class="settings-tray-editable" data-drupal-settingstray="editable">
<ul class="usa-sidenav osmre-sidenav ">
<li class="usa-sidenav__item expanded dropdown active active-trail first last">
<a title="OSMRE&#039;s Resources and Documents" class="usa-current" href="resources.html">
<span>Resources</span>
</a>
</li>
<ul class="usa-sidenav__sublist osmre-sidenav__sublist ">
<li class="usa-sidenav__item first">
<a title="A-Z Index" href="resources/a-z-index.html">
<span>A-Z Index</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Annual Reports" href="resources/annual-reports.html">
<span>Annual Reports</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Budget and Planning" href="resources/budget-and-planning.html">
<span>Budget and Planning</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Information for Prospective Employees" href="resources/careers.html">
<span>Careers at OSMRE</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Coalex Reports" href="resources/coalex-reports.html">
<span>Coalex Reports</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Education &amp; Outreach" href="resources/education-outreach.html">
<span>Education &amp; Outreach</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Frequently Asked Questions" href="resources/faqs.html">
<span>FAQs</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Federal Assistance Manual (FAM)" href="resources/federal-assistance-manual.html">
<span>Federal Assistance Manual</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Forms, Applications, and Instructions" href="resources/forms.html">
<span>Forms</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Glossary" href="resources/glossary.html">
<span>Glossary</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Grants and Funding Opportunities" href="resources/grants-resources.html">
<span>Grants</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="Reclamation Bonds" href="resources/reclamation-bonds.html">
<span>Reclamation Bonds</span>
</a>
</li>
<li class="usa-sidenav__item">
<a title="OSMRE Sustainable Procurement Plan (SPP)" href="resources/sustainability.html">
<span>Sustainability</span>
</a>
</li>
<li class="usa-sidenav__item">
<a href="resources/tribal-consultation.html">
<span>Tribal Consultation</span>
</a>
</li>
<li class="usa-sidenav__item active active-trail last">
<a title="Vulnerability Disclosure Policy" class="usa-current" href="vulnerability-disclosure-policy.html">
<span>Vulnerability Disclosure Policy</span>
</a>
</li>
</ul>
</ul>
</div>
</aside>
<div class="usa-layout-docs__main desktop:grid-col-9 osmre-layout-docs__main">
<h1 class="margin-0">
<span>Vulnerability Disclosure Policy</span>
</h1>
<div id="block-osmre-content" class="block block-system block-system-main-block">
<div class="node node--type-simple-page node--view-mode-full ds-3col-stacked-fluid clearfix">
<div class="group-header">
<div><h3><a class="usa-button" href="mailto:osm-csirt@osmre.gov?subject=Cybersecurity%20Tip/Information" rel="noopener" target="_blank" title="Report any Vulnerabilities to OSMRE Systems">Report any Vulnerabilities to OSMRE Systems</a></h3>
<h2>Introduction</h2>
<p>The Office of Surface Mining Reclamation and Enforcement (OSMRE) is committed to ensuring the security of the American public by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.</p>
<p>This policy describes&nbsp;<strong>what systems and types of research</strong>&nbsp;are covered under this policy,&nbsp;<strong>how to send us</strong>&nbsp;vulnerability reports, and&nbsp;<strong>how long</strong>&nbsp;we ask security researchers to wait before publicly disclosing vulnerabilities.</p>
<p>We encourage you to contact us to report potential vulnerabilities in our systems.</p>
<h2>Authorization&nbsp;</h2>
<p><strong>If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and OSMRE will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.</strong></p>
<h2>Guidelines</h2>
<p>Under this policy, “research” means activities in which you:</p>
<ul>
<li>Notify us as soon as possible after you discover a real or potential security issue.</li>
<li>Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.</li>
<li>Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use the exploit to pivot to other systems.&nbsp;</li>
<li>Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.</li>
<li>Do not submit a high volume of low-quality reports.</li>
</ul>
<p>Once you have established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party),&nbsp;<strong>you must stop your test, notify us immediately, and not disclose this data to anyone else.</strong></p>
<h2>Test Methods</h2>
<p>The following test methods are not authorized:</p>
<ul>
<li>Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data.</li>
<li>Physical testing (e.g. office access, open doors, tailgating), social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing.</li>
<li>Full red-team penetration testing that involves unauthorized access to our servers.</li>
</ul>
<h2>Scope&nbsp;</h2>
<p>This policy applies to the following systems and services:</p>
<ul>
<li>*.osmre.gov.</li>
</ul>
<p><strong>Any service not expressly listed above, such as any connected services, is excluded from scope&nbsp;</strong>and is not authorized for testing. Additionally, vulnerabilities found in systems from our vendors fall outside of this policy’s scope and should be reported directly to the vendor according to their Disclosure Policy (if any). If you aren’t sure whether a system is in scope or not, contact us at&nbsp;<a href="mailto:osm-csirt@osmre.gov?subject=Cybersecurity%20Tip/Information">osm-csirt@osmre.gov</a>&nbsp;before starting your research (or at the security contact for the system’s domain name listed in the&nbsp;<a href="https://domains.dotgov.gov/dotgov-web/registration/whois.xhtml">.gov WHOIS</a>).&nbsp;</p>
<p>Though OSMRE develops and maintains other internet-accessible systems or services, we ask that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a particular system not in scope that you think merits testing, please contact us to discuss it first. We will increase the scope of this policy over time.&nbsp;</p>
<h2>Reporting a Vulnerability</h2>
<p><em>Information submitted under this policy will be used for defensive purposes only to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that affect all users of a product or service and not solely OSMRE, we may share your report with the Cybersecurity and Infrastructure Security Agency, where it will be handled under their&nbsp;<a href="https://www.cisa.gov/coordinated-vulnerability-disclosure-process">coordinated vulnerability disclosure process</a>. We will not share your name or contact information without express permission.</em></p>
<p><b>Vulnerabilities may be reported to <a href="mailto:osm-csirt@osmre.gov">osm-csirt@osmre.gov</a>.</b></p>
<h2>What We Would Like to See From You</h2>
<p>In order to help us triage and prioritize submissions, we recommend that your reports:</p>
<ul>
<li>Describe the location where the vulnerability was discovered and the potential impact of exploitation.&nbsp;</li>
<li>Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).</li>
<li>Be in English, if possible.</li>
</ul>
<h2>What You Can Expect From Us</h2>
<p>When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.</p>
<ul>
<li>Within 3 business days, we will acknowledge that your report has been received.&nbsp;</li>
<li>To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.&nbsp;</li>
<li>OSMRE does not provide payment to reporters for submitting vulnerabilities.
<ul>
<li>Reporters submitting vulnerabilities to OSMRE, in so doing, waive any claims to compensation.&nbsp;</li>
</ul>
</li>
</ul>
<h2>Questions</h2>
<p>Questions regarding this policy may be sent to&nbsp;<a href="mailto:osm-csirt@osmre.gov?subject=Cybersecurity%20Tip/Information">osm-csirt@osmre.gov</a>. We also invite you to contact us with suggestions for improving this policy.</p>
<h2>Documents</h2>
<ul>
<li><a href="https://cyber.dhs.gov/assets/report/bod-20-01.pdf">Binding Operational Directive 20-01 memo</a>.</li>
<li><a href="https://cyber.dhs.gov/bod/20-01/#implementation-guide">Binding Operational Directive 20-01</a>.</li>
</ul>
</div>
</div>
<div class="group-footer">
</div>
</div>
</div>
</div>
</div>
</div>
</main>
</div>
</body>
<!-- Mirrored from www.osmre.gov/vulnerability-disclosure-policy by HTTrack Website Copier/3.x [XR&CO'2014], Thu, 02 May 2024 20:53:37 GMT -->
</html>