The purpose of this repository is to provide machine-readable security advisories using the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard for CISA's Information Technology (IT) and Operational Technology (OT) advisories. By providing machine-readable advisories using CSAF v2.0, vendors and providers of software and hardware can join CISA and many other leading organizations in taking proactive steps to enable automation and help to reduce the time required for enterprises to understand organizational impact and drive timely remediation.

CSAF is a standard for machine-readable security advisories developed by the OASIS CSAF Technical Committee. CSAF enables individuals and organizations to successfully disclose and consume security advisories in machine-readable format. The standard also specifies the distribution and discovery of CSAF documents. The CSAF Security Advisory files found in this repository were designed following the CSAF v2.0 standard published by OASIS Open.

Please submit issues to the Issues Tracker of the CSAF repository with any comments or questions.

For details of CISA's CSAF Trusted Provider Role, including Public PGP key, visit CISA CSAF Provider Metadata.