Rep. Nancy Mace, R-S.C., has introduced a bill that would direct the Office of Management and Budget to update the Federal Acquisition Regulation to require federal contractors to implement vulnerability disclosure policies, Federal News Network reported Thursday.
The Federal Cybersecurity Vulnerability Reduction Act would require defense contractors to comply with procurement regulations while permitting chief information officers at agencies to waive VDP requirements “in the interest of national security or research purposes.”
According to FNN, the proposed legislation would extend the VDP requirements to all contracts that are over the simplified acquisition threshold.
“By mandating Vulnerability Disclosure Policies (VDP) for federal contractors, we can ensure a proactive approach to cybersecurity, enabling contractors to identify and address software vulnerabilities promptly,” Mace said in a statement.
“This legislation, aligned with internationally recognized standards, empowers contractors to stay ahead of malicious actors, preventing potential exploits and protecting sensitive information,” she added.
Mace is chairwoman of the House Oversight and Accountability Committee’s cybersecurity, information technology and government innovation subpanel.