security.txt

The site has a security.txt file.

Copy link
- LinkedIn
- Bluesky
- X
- Facebook

Indicators

Security

Impact

(How ScanGov measures tasklist priorities.)

About

security.txt is a text file located on the site root-level or `/.well-known/` directory that helps improve vulnerability disclosure by giving security researchers clear contact and reporting information.

security.txt is an accepted standard (RFC 9116) by the Internet Engineering Task Force.

Why it's important

Provides contact info for reporting security issues, helping site owners fix problems quickly and keep users safe.

User stories

As a security researcher, I want to find a security.txt file on the website so that I can report vulnerabilities to the right contact securely and efficiently.

Error

(ScanGov messaging when a site fails a standard)

No available security.txt file.

Guidance

CISA Cybersecurity Performance Goals
RFC 9116