Friday, September 15, 2023

Review - HR 4552 Introduced – 2023 FISMA

Back in July, Rep Mace (R,SC) introduced HR 4552, the Federal Information Security Modernization Act of 2023. This is the perennial update of the Federal agency cybersecurity rules. It includes two items of potentially broader interest here: penetration testing policy and vulnerability disclosure policy.

Moving Forward

Mace, and all four of her cosponsors {Rep Raskin (D,MD), Rep Comer (R,KY), Rep Connolly (D,VA) and Rep Davis (D,NC)}, are members of the House Oversight and Accountability Committee to which the bill was assigned for consideration. This means that there is almost certainly sufficient influence to see the bill considered in Committee. I do not see anything that would engender organized opposition to the legislation. I suspect that there would be significant bipartisan support for the bill, probably enough that it could be considered under the House’s suspension of the rules process.

It will be interesting to see how much the Committee’s investigative efforts directed at the Biden Administration will affect their ability to consider bipartisan legislation like HR 4552.


I found it odd that §12’s new §3559b removed the contractor cybersecurity requirements of 15 U.S.C. 278g–3e. There is nothing in that section that deals with VDP requirements. It looks to my suspicious mind like someone is trying to reduce cybersecurity requirements for contractors. In any case, the deletion of that section should be removed from this section since it has nothing to do with VDP.


For more details about the penetration testing and vulnerability disclosure program provisions of the legislation, see my article at CFSN Detailed Analysis (subscription required).
