US HR872

Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025



Introduced: 01/31/2025
In Committee: 01/31/2025
Crossed Over: 03/04/2025
Passed
Dead

Introduced Session

119th Congress

Bill Summary

AN ACT To require covered contractors implement a vulnerability disclosure policy consistent with NIST guidelines, and for other purposes.

AI Summary

This bill requires federal contractors to implement a vulnerability disclosure policy in line with National Institute of Standards and Technology (NIST) guidelines. Specifically, the bill directs the Office of Management and Budget (OMB), in consultation with key cybersecurity agencies, to review and recommend updates to Federal Acquisition Regulation (FAR) contract requirements within 180 days. These updates will ensure that "covered contractors" (defined as contractors with contracts at or above the simplified acquisition threshold or those managing federal information systems) have a standardized process for receiving and addressing potential security vulnerabilities. The bill mandates that these vulnerability disclosure policies align with existing cybersecurity improvement acts and international standards. The Department of Defense is also required to conduct a similar review of its supplement to the FAR (DFARS). Agency heads are allowed to seek waivers for national security or research purposes, but must notify congressional committees within 30 days of granting such waivers. The goal is to create a more consistent and robust approach to identifying and addressing cybersecurity risks across federal contractor networks, ultimately enhancing the overall security of federal information systems.

Committee Categories

Government Affairs, Military Affairs and Security

Sponsors (2)

Last Action

Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (on 03/04/2025)
