security.txt

The site has a security.txt file.

Impact

(How ScanGov measures tasklist priorities.)

Why it's important

A security.txt file is a standard for websites to provide contact information and guidelines for reporting security vulnerabilities. It helps security researchers and good actors to report potential issues with the site to the responsible parties. Without a security.txt file, it may be harder for researchers to reach out to the website's administrators, potentially delaying the response to security threats.

User stories

As a security researcher, I want to find a security.txt file on the website so that I can report vulnerabilities to the right contact securely and efficiently.

Error

(ScanGov messaging when a site fails a standard)

No available security.txt file.

Guidance

CISA Cybersecurity Performance Goals
RFC 9116
security.txt

Indicator

Security