CyberScoop reports that Sens. Mark Warner, D-Va., and James Lankford, R-Okla., have reintroduced the Federal Contractor Cybersecurity Vulnerability Reduction Act, which would compel federal contractors to adhere to the National Institute of Standards and Technology's vulnerability disclosure policy recommendations, months after a companion bipartisan bill was approved by the House.
Aside from requiring the Office of Management and Budget to track Federal Acquisition Regulation updates ensuring federal contractors' compliance with VDPs aligned with NIST standards, the legislation would also require the Defense secretary to monitor Defense Federal Acquisition Regulation Supplement changes. "This legislation will ensure that companies doing business with the federal government are held to the same standards, better securing the entire supply chain and protecting our national security," said Warner. Meanwhile, industry experts have expressed support for the measure, with HackerOne Chief Legal and Policy Officer Ilona Cohen emphasizing its importance in dealing with a "critical gap" in the U.S.'s defenses.




