H.R. 872 House Government Operations and Politics
Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025
STAGE 4 OF 8 — HOUSE FLOOR
Currently in the House. Last action: received in the senate and read twice and referred to the committee on homeland security and governmental affairs on Mar 4, 2025.
- House Introduced in House Jan 31, 2025
- House Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Armed Services, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. Jan 31, 2025
- House Mr. Comer moved to suspend the rules and pass the bill, as amended. Mar 3, 2025
- House Considered under suspension of the rules. (consideration: CR H930-932) Mar 3, 2025
- House DEBATE - The House proceeded with forty minutes of debate on H.R. 872. Mar 3, 2025
- House Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931) Mar 3, 2025
- House On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931) Mar 3, 2025
- House Motion to reconsider laid on the table Agreed to without objection. Mar 3, 2025
- Senate Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. Mar 4, 2025
Cosponsors
1
Subjects
Computer security and identity theftGovernment information and archivesPublic contracts and procurement
Committees
- Homeland Security and Governmental Affairs Committee
- Referred To , Mar 4, 2025
- Armed Services Committee
- Referred To , Jan 31, 2025
- Oversight and Government Reform Committee
- Referred To , Jan 31, 2025
Summary
Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025This bill requires revisions to acquisition regulations related to information systems vulnerabilities for certain federal contractors. The revisions apply to contractors whose contract is at or above the simplified acquisition threshold ($250,000 in most cases) or that use, operate, manage, or maintain a federal information system on behalf of an agency. Under the bill, the Office of Management and Budget must review the Federal Acquisition Regulation (FAR) and recommend updated contract requirements and language for contractor vulnerability disclosure programs. (Such programs establish processes for identifying, reporting, and mitigating information system vulnerabilities discovered by security researchers, software developers, and others.) The recommendations must include requirements to ensure that such contractors implement vulnerability disclosure policies consistent with guidelines from the National Institute of Standards and Technology. The Federal Acquisition Regulation Council must review these recommendations and update the FAR as necessary to incorporate requirements for such contractors to receive information about potential security vulnerabilities in contractor information systems used in performance of contract.The Department of Defense (DOD) must conduct a similar review and update of regulations with respect to the DOD Supplement to the FAR.
Summary as of: Introduced in House
Comments · 0
Please log in to post a comment.
Loading comments...