A bipartisan group of lawmakers is making a renewed effort to bolster cybersecurity requirements for federal government contractors. Senators Mark Warner (D-Va.) and James Lankford (R-Okla.) have reintroduced the Federal Contractor Cybersecurity Vulnerability Reduction Act, which would require contractors to adhere to guidelines set by the National Institute of Standards and Technology (NIST) for vulnerability disclosure policies (VDPs).

VDPs are published policies, with an intake channel behind them, that let an organization receive, triage and act on unsolicited vulnerability reports from outside researchers, so that flaws can be fixed before they are exploited. Federal civilian agencies have been required to run VDPs since CISA's Binding Operational Directive 20-01 in 2020; the proposed legislation aims to hold companies doing business with the federal government to the same standard.

“VDPs are crucial tools to help ensure that the federal government is operating using safe cybersecurity practices,” said Sen. Warner in a press release. “This legislation will ensure that companies doing business with the federal government are held to the same standards, better securing the entire supply chain and protecting our national security.”

Sen. Lankford echoed that sentiment, emphasizing the need for timely information-sharing. “Federal agencies and contractors must be quickly made aware of cyber vulnerabilities so they can resolve them. By strengthening cybersecurity efforts, contractors and agencies can keep their focus on serving the American people and keep data and systems safe from cybercrimes and hacking,” he stated.

The bill had previously cleared the Senate Homeland Security and Governmental Affairs Committee last November but did not receive a full vote on the Senate floor. Its House counterpart, introduced by Representatives Nancy Mace (R-S.C.) and Shontel Brown (D-Ohio), was reintroduced in January and successfully passed the House in March.

A key feature of the legislation is a mandate for the Office of Management and Budget (OMB) to monitor updates to the Federal Acquisition Regulation (FAR), ensuring federal contractors are implementing VDPs consistent with NIST guidelines. Similar provisions apply to the Defense Federal Acquisition Regulation Supplement (DFARS), with oversight responsibilities assigned to the Secretary of Defense.

The bill has attracted significant support from industry leaders. Bruce Byrd, Executive Vice President and General Counsel at Palo Alto Networks, called the legislation a means to “promote federal cyber resilience” and enhance the overall cybersecurity ecosystem.

As cyber threats continue to evolve, lawmakers and cybersecurity professionals alike are urging swift action to unify and strengthen the nation's digital defenses, starting with the contractors who help run federal infrastructure.
