Sens. Mark Warner, D-Va., and James Lankford, R-Okla., have put forward the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, which would extend the coverage of the National Institute of Standards and Technology’s vulnerability disclosure policies, or VDPs, to federal contractors.
A companion House bill has been introduced by Rep. Nancy Mace, R-S.C., calling for a Federal Acquisition Regulation update requiring federal contractors to implement VDPs, Warner’s office said Friday.
The policies currently cover civilian federal agencies but do not regulate the information systems that federal contractors use in their contracts, the senator’s office added.
One of the provisions of the Warner-Lankford bill requires the Secretary of Defense to direct revisions to the Defense Federal Acquisition Regulation Supplement contract requirements to ensure contractors’ compliance with VDPs.
Warner describes VDPs as proactive tools to mitigate cyber vulnerabilities. “This legislation will ensure that federal contractors, along with federal agencies, are adhering to national guidelines that will better protect our critical infrastructure, and sensitive data from potential attacks,” he stressed.