Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

New bill would require all federal contractors to develop vulnerability disclosure policies

The Federal Cybersecurity Vulnerability Reduction Act aims to establish standardized vulnerability disclosure policies across all federal contractors.

Rep. Nancy Mace, R-S.C., has introduced a bill Thursday that would require all federal contractors to implement vulnerability disclosure policies, as part of an effort to prevent the exploitation of software vulnerabilities on federal networks.

The Federal Cybersecurity Vulnerability Reduction Act instructs the Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to develop recommendations for the Federal Acquisition Regulation Council to update contract requirements, ensuring federal contractors implement vulnerability disclosure policies consistent with NIST guidelines. 

The bill also calls on the Defense Department specifically to develop new requirements for all contractors to implement standardized vulnerability disclosure policies within six months, and tasks the Defense secretary with revising current acquisition regulations to include new information sharing requirements for contractors that face potential security vulnerabilities. 

Mace, who serves as chair of the House Oversight Subcommittee on Cybersecurity, Information Technology and Government Innovation, said in a statement that the new bill will play a “crucial role” in safeguarding U.S. digital infrastructure. 

“By mandating vulnerability disclosure policies for federal contractors, we can ensure a proactive approach to cybersecurity,” she said, adding that the bill “empowers contractors to stay ahead of malicious actors, preventing potential exploits and protecting sensitive information.”

The legislation builds off recent federal guidance instructing agencies to develop and implement vulnerability disclosure policies, including a binding operational directive published by CISA in 2020. OMB also issued a vulnerability disclosure policy that provided a roadmap for agencies to manage their vulnerability research programs that same year. 

Ilona Cohen, chief legal and policy officer of the cybersecurity firm HackerOne, said the new bill “fills an important gap in the security of contractors who are supporting government functions.”

Currently, the Internet of Things Cybersecurity Improvement Act of 2020 only requires certain contractors to implement disclosure policies.

“Engaging the security researcher community through [vulnerability disclosure policies] is a proven, effective way for federal contractors to identify vulnerabilities in their systems,” Cohen said. 

The National Cybersecurity Strategy implementation plan, released in July, also called for coordinated vulnerability disclosures across the public and private sectors, tasking CISA with building domestic and international support for increased vulnerability disclosures and establishing an international vulnerability coordinator community of practice.

Source: https://www.nextgov.com/cybersecurity/2023/08/new-bill-would-require-all-federal-contractors-develop-vulnerability-disclosure-policies/389695/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Bureaucracy and dispersed authorities hinder the Cybersecurity and Infrastructure Security Agency’s ability to carry out its mission as network cyber lead, according to an...

Cyber Security

Agency resources are intended to address the longstanding challenges health systems and hospitals have faced from increasingly advanced cyberattacks. The Cybersecurity and Infrastructure Security...

Cyber Security

The nation’s cyber defense agency wants to play a key role in hardening the broader open source software security ecosystem. The Cybersecurity and Infrastructure...

Cyber Security

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO