US S1899

Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025



Introduced: 05/22/2025
In Committee: 05/22/2025
Stages with no date listed: Crossed Over, Passed, Dead

Introduced Session

119th Congress

Bill Summary

A bill to require Federal contractors to implement a vulnerability disclosure policy consistent with NIST guidelines, and for other purposes.

AI Summary

This bill aims to improve cybersecurity practices for federal contractors by requiring them to implement vulnerability disclosure policies aligned with National Institute of Standards and Technology (NIST) guidelines. Specifically, within 180 days of enactment, the Office of Management and Budget, in consultation with key cybersecurity agencies, must review and recommend updates to the Federal Acquisition Regulation (FAR) contract requirements. These recommendations will ensure that covered contractors, defined as those with contracts at or above the simplified acquisition threshold or those managing federal information systems, have a standardized process for identifying and addressing potential security vulnerabilities. The Federal Acquisition Regulation Council will then update contract language to require contractors to actively solicit and address security vulnerabilities, aligning with industry best practices and international standards. The bill allows agency heads to waive these requirements for national security or research purposes, but they must notify congressional committees within 30 days of doing so. Importantly, the bill does not authorize additional funding for its implementation, meaning agencies must absorb the costs within existing budgets.

Committee Categories

Military Affairs and Security

Sponsors (2)

Last Action

Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (on 05/22/2025)
