Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors

August 12, 2024 at 07:12AM

Senators Mark R. Warner and James Lankford introduced the bipartisan Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, aiming to enforce vulnerability disclosure rules for federal contractors. The bill mandates adherence to National Institute of Standards and Technology (NIST) guidelines and requires implementation of formal vulnerability disclosure policies to mitigate cyberattacks.

Summary of Meeting Notes:

– US Senators Mark R. Warner and James Lankford have introduced a bipartisan bill called the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024.
– The bill aims to tighten vulnerability disclosure rules for federal contractors and require adherence to NIST guidelines.
– The legislation will require the Office of Management and Budget to oversee updates to the Federal Acquisition Regulation (FAR) and the Secretary of Defense to oversee updates to the Defense Federal Acquisition Regulation Supplement (DFARS) to implement vulnerability disclosure policies.
– Federal contractors would be required to implement Vulnerability Disclosure Policies (VDP) and formal processes for accepting, assessing, and managing vulnerability reports.
– The bill emphasizes the importance of VDPs in proactively identifying and addressing software vulnerabilities to better protect critical infrastructure and sensitive data from potential attacks.
