
Enhanced vulnerability disclosure rules for federal contractors sought by new legislation


SecurityWeek reports that federal contractors would be subjected to more stringent vulnerability disclosure rules established by the National Institute of Standards and Technology under new bipartisan legislation introduced by Sens. Mark Warner, D-Va., and James Lankford, R-Okla., in a bid to curb increasingly damaging cyberattacks.

According to the bill, the Office of Management and Budget and the Defense Secretary should update the Federal Acquisition Regulation and Defense Federal Acquisition Regulation Supplement contract requirements, respectively, to ensure that contractors adopt compliant vulnerability disclosure policies (VDPs). Such legislation would place federal contractors on par with federal civilian agencies, which had already been required to implement VDPs. "VDPs are a crucial tool used to proactively identify and address software vulnerabilities. This legislation will ensure that federal contractors, along with federal agencies, are adhering to national guidelines that will better protect our critical infrastructure, and sensitive data from potential attacks," said Warner.
