If you discover a potential security issue related to the Active Cyber Program (ACP) framework or its documentation, please report it responsibly.
Security issues may include:
- vulnerabilities in the assessment methodology
- weaknesses in the certification process
- misuse of ACP certification or trust labels
- security concerns related to published templates or guidance
Please report security concerns directly to:
Wechsler Information Solution
Responsible contact: Tom Wechsler
We encourage responsible disclosure of potential issues.
When reporting a security issue, please include as much information as possible, such as:
- description of the issue
- affected document or component
- potential impact
- suggested improvements (if available)
Reports will be reviewed and addressed as appropriate.
This security policy applies to the Active Cyber Program (ACP) framework repository, including:
- framework documentation
- assessment methodology
- certification model
- templates and examples
It does not apply to third-party systems or external implementations.
All reported issues will be evaluated and handled with care.
If a relevant issue is confirmed, appropriate actions may include:
- updating framework documentation
- improving assessment methodology
- clarifying certification requirements
- publishing framework updates
Updates will be documented in the project CHANGELOG.
The goal of the Active Cyber Program (ACP) is to strengthen cybersecurity practices.
Feedback and responsible reporting help improve the framework and contribute to stronger cybersecurity programs across organizations.