To require covered contractors implement a vulnerability disclosure policy consistent with NIST guidelines, and for other purposes.
Sponsors
Legislative Progress
Passed House. Received; read twice and referred to the Committee on Homeland …
Passed House (inferred from eh version)
Ms. Mace (for herself and Ms. Brown) introduced the following …
Summary
What This Bill Does
Requires OMB to update the Federal Acquisition Regulation to ensure federal contractors implement vulnerability disclosure policies consistent with NIST guidelines, building on the IoT Cybersecurity Improvement Act of 2020.
Who Benefits and How
The federal government gains stronger cybersecurity from its contractors. Security researchers have a clear channel for reporting vulnerabilities.
Who Bears the Burden and How
Federal contractors must implement NIST-compliant vulnerability disclosure policies. The FAR Council updates contracting rules within 180 days.
Key Provisions
- OMB reviews FAR vulnerability disclosure requirements within 180 days
- Must align with NIST guidelines from IoT Cybersecurity Improvement Act
- FAR Council updates contract language
- Consultation with CISA, National Cyber Director, NIST
Evidence Chain:
This summary is derived from the structured analysis below. See "Detailed Analysis" for per-title beneficiaries/burden bearers with clause-level evidence links.
Primary Purpose
Requires federal contractors to implement vulnerability disclosure policies per NIST guidelines
Policy Domains
Legislative Strategy
"Strengthen federal supply chain cybersecurity"
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "the_director" → Director of OMB
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.