The National Institute of Standards and Technology (NIST) has released Revision 5 of its Special Publication 800-53 guidelines, which aims to bring good-faith security researchers closer to standard IT security controls. The revision introduces vulnerability disclosure programs as a recommended control: organizations explicitly authorize good-faith security research and establish publicly discoverable channels for reporting vulnerabilities. This move is intended to legitimize the role of good-faith hackers in securing the internet, and it acknowledges that security research will occur regardless of authorization. NIST also clarifies the distinction between vulnerability disclosure programs, public bug bounty programs, and private crowdsourced security programs, emphasizing the importance of integrating security feedback into a vulnerability management strategy. The revision is seen as a significant step towards legitimizing the work of good-faith hackers and enhancing the internet's immune system against cyber threats.