US HR1258
Improving Contractor Cybersecurity Act


Introduced: 02/12/2025
In Committee: 02/12/2025

Introduced Session

119th Congress

Bill Summary

A BILL To amend title 41, United States Code, to require information technology contractors to maintain a vulnerability disclosure policy and program, and for other purposes.

AI Summary

This bill requires information technology (IT) contractors working with the federal government to establish and maintain a comprehensive vulnerability disclosure policy and program. The policy must include details such as which systems are in scope, allowed types of technology testing, guidelines for handling sensitive information, and clear procedures for researchers to submit vulnerability reports anonymously. Contractors must provide a dedicated webpage for vulnerability submissions, outline communication processes with researchers, and set target timelines for addressing reported vulnerabilities. Additionally, contractors must report valid or credible vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA) within 7 days of discovery, particularly those involving commercial software that could potentially impact other government or industry entities. If a vulnerability is discovered that the contractor cannot patch themselves, they must either submit it to the responsible party or direct the researcher accordingly. The bill aims to improve cybersecurity practices by creating a standardized, transparent process for identifying and addressing potential security weaknesses in government IT systems, while protecting researchers who discover and report these vulnerabilities in good faith.

Committee Categories

Government Affairs

Sponsors (1)

Last Action

Referred to the House Committee on Oversight and Government Reform. (on 02/12/2025)
