Bill requiring federal contractors to have vulnerability disclosure policies gets House redo | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/federal-contractors-vulnerability-disclosure-policies-house-bill\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Bill requiring federal contractors to have vulnerability disclosure policies gets House redo\"> <meta property=\"og:description\" content=\"Reps. Nancy Mace and Shontel Brown reintroduced VDP legislation after the 2024 bipartisan, bicameral bill didn\u2019t get a full Senate vote.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/federal-contractors-vulnerability-disclosure-policies-house-bill\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-01-31T20:47:32+00:00\"> <meta property=\"article:modified_time\" content=\"2025-01-31T20:47:34+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"654\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1738186663g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=811a4fffdf449a472805\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83366\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83366\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffederal-contractors-vulnerability-disclosure-policies-house-bill%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffederal-contractors-vulnerability-disclosure-policies-house-bill%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83366 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/federal-contractors-vulnerability-disclosure-policies-house-bill\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.264750378215\">\n<div class=\"single-article__header-content\" readability=\"35.432941176471\">\n<p> Reps. Nancy Mace and Shontel Brown reintroduced VDP legislation after the 2024 bipartisan, bicameral bill didn\u2019t get a full Senate vote. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83366\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"409\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo.jpg?resize=640%2C409&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg?resize=300,192 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg?resize=768,491 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg?resize=600,383 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg?resize=263,168 263w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-2.jpg?resize=528,337 528w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption> Rep. Nancy Mace, R-S.C., listens as FEMA Administrator Deanne Criswell testifies during a House Oversight Committee Hearing at the Rayburn House Office Building on Nov. 19, 2024 in Washington, D.C. (Photo by Kevin Dietsch\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.022539776075\"><body readability=\"62.700282087447\"><\/p>\n<p>Bipartisan legislation to close a loophole in federal cybersecurity standards by requiring vulnerability disclosure policies for government contractors is getting another shot at passage in this Congress.<\/p>\n<p>The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that <a href=\"https:\/\/www.congress.gov\/index.php\/bill\/118th-congress\/senate-bill\/5028\/all-actions\">stalled out last year in the Senate<\/a>, was reintroduced Friday in the House by Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio. <\/p>\n<p>The bill, whose <a href=\"https:\/\/cyberscoop.com\/federal-contractor-vulnerability-disclosure-policies-senate-bil\/\">2024 companion in the upper chamber<\/a> came from Sens. Mark Warner, D-Va., and James Lankford, R-Okla., calls on the Office of Management and Budget and the Defense Department to update federal acquisition policies to require all federal contractors to institute vulnerability disclosure policies (VDPs).<\/p>\n<p>\u201cThis is a matter of national security,\u201d <a href=\"https:\/\/mace.house.gov\/media\/press-releases\/congresswoman-nancy-mace-reintroduces-bipartisan-bill-strengthen-federal\">Mace said in a press release<\/a>. \u201cFederal contractors handle some of the most sensitive information and critical infrastructure in the country. Without basic vulnerability disclosure policies, we are leaving a gaping hole in our cybersecurity defenses. This bipartisan bill ensures contractors uphold the same cybersecurity standards as federal agencies, reducing risks before they turn into catastrophic breaches.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Brown added that the bill would help to \u201cbetter protect sensitive data from malicious actors.\u201d<\/p>\n<p>\u201cCybersecurity isn\u2019t optional, it\u2019s essential,\u201d she said. \u201cTo ensure that our systems are fully secure, we need to make sure federal contractors follow national guidelines to protect digital infrastructure.\u201d<\/p>\n<p>Under current law, federal agencies must have vulnerability disclosure policies that align with National Institute of Standards and Technology benchmarks. U.S. government contractors have no such obligation.<\/p>\n<p>In a <a href=\"https:\/\/www.warner.senate.gov\/public\/_cache\/files\/3\/f\/3f6625dc-09b1-4cf1-809a-015a3baf3718\/B66CD4E645A5A5730A15B0C90F3E6989.federal-contractor-cybersecurity-vulnerability-reduction-act-one-pager.pdf\">fact sheet released by Warner and Lankford<\/a> last August when they rolled out the Senate version of Mace\u2019s bill, the lawmakers pointed to the 2015 <a href=\"https:\/\/cyberscoop.com\/tag\/opm-breach\/\">Office of Personnel Management data breach<\/a>, which was made possible by vulnerabilities in systems used by two contractors that stored data on federal employee background checks. <\/p>\n<p>In the last Congress, the bill had bipartisan support and notable industry backing. Ilona Cohen, chief legal and policy officer of HackerOne, said in a statement to CyberScoop that \u201cescalating cyber threats from China and other foreign adversaries\u201d make it especially \u201ccritical to protect sensitive government information and personal data.\u201d <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe Federal Contractor Cybersecurity Vulnerability Reduction Act addresses a gap in our nation\u2019s cybersecurity defenses by requiring federal contractors to take a proactive approach to identifying and mitigating vulnerabilities before they can be exploited,\u201d Cohen added. \u201cWe commend Representatives Mace and Brown for their leadership on this essential legislation.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.3806104129264\">\n<div class=\"author-card\" readability=\"15\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo-1.jpg?w=640&ssl=1\" alt=\"Matt Bracken\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Bracken<\/h4>\n<p> Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at matt.bracken@scoopnewsgroup.com. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/federal-contractors-vulnerability-disclosure-policies-house-bill\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bill requiring federal contractors to have vulnerability disclosure policies gets<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3648,117,3649,439,3650,2468,703],"tags":[3651,119,3652,443,3653,2470,705],"class_list":["post-7162","post","type-post","status-publish","format-standard","hentry","category-federal-contracting","category-government","category-nancy-mace","category-policy","category-shontel-brown","category-vdp","category-vulnerability-disclosure","tag-federal-contracting","tag-government","tag-nancy-mace","tag-policy","tag-shontel-brown","tag-vdp","tag-vulnerability-disclosure"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-contracting\/\" rel=\"category tag\">federal contracting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nancy-mace\/\" rel=\"category tag\">Nancy Mace<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shontel-brown\/\" rel=\"category tag\">Shontel Brown<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vdp\/\" rel=\"category tag\">vdp<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a>","tag_info":"vulnerability disclosure","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7162"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7162\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7162,"date":"2025-01-31T14:47:32","date_gmt":"2025-01-31T20:47:32","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83366"},"modified":"2025-01-31T14:47:32","modified_gmt":"2025-01-31T20:47:32","slug":"bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/31\/bill-requiring-federal-contractors-to-have-vulnerability-disclosure-policies-gets-house-redo\/","title":{"rendered":"Bill requiring federal contractors to have vulnerability disclosure policies gets House redo"},"content":{"rendered":"