In a bid to bolster the cybersecurity defenses of federal contractors and safeguard U.S. digital infrastructure, Rep. Nancy Mace (R-S.C.) has introduced the “Federal Cybersecurity Vulnerability Reduction Act.” The legislation would require federal contractors to adopt comprehensive security vulnerability disclosure policies.
The bill outlines a multi-agency approach, requiring collaboration among the Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST). These agencies would be responsible for drafting recommendations to update contract requirements within the Federal Acquisition Regulation Council.
A significant highlight of the proposed bill is the stipulation that the Department of Defense develop standardized security vulnerability disclosure policies for all contractors within six months. Rep. Mace, who chairs the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation, emphasizes that the legislation’s aim is proactive cybersecurity.
This proposed legislation builds upon recent federal directives that urge agencies to develop and implement vulnerability disclosure policies. With federal guidance already in place, including binding operational directives from CISA, the “Federal Cybersecurity Vulnerability Reduction Act” aims to establish a more robust and comprehensive framework for cybersecurity in federal contracts.
Experts in the field, such as Ilona Cohen, Chief Legal and Policy Officer at cybersecurity firm HackerOne, praised the legislation for bridging the security gap in contractor support for government functions. As Nextgov reports, Cohen commented that engaging with the security researcher community through these kinds of disclosure programs “is a proven, effective way for federal contractors to identify vulnerabilities in their systems.”
Against the backdrop of an increasingly complex threat landscape, the legislation aligns with the National Cybersecurity Strategy implementation plan’s goal of promoting coordinated vulnerability disclosures across public and private sectors. As the bill takes center stage in legislative discussions, its potential impact on federal cybersecurity practices and collaborative efforts between agencies and contractors remains a key focus.
Source: Nextgov
August 28, 2023 – by the FindBiometrics Editorial Team