Monday, October 28, 2024

Review - S 5028 Introduced – Contractor VDP

Last month Sen Warner (D,VA) introduced S 5028, the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024. The bill would require changes to the Federal Acquisition Regulations to require federal contractors to have a vulnerability disclosure program. No new funding is authorized by this legislation.

This bill is very similar in intent to HR 5310 and HR 5255. The major difference between this bill and the other two is that the Senate bill is focused on the FAR as the mechanism for requiring contractors to have a vulnerability disclosure program. There has been no action taken on HR 5310, but HR 5255 was amended and ordered favorably reported back in May. That report has not yet been published.

Moving Forward

While Warner is not a member of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned, his sole cosponsor {Lankford (R,OK)} is a member. This means that there may be sufficient influence to see the bill considered in Committee. Beyond the increased regulation of contractors which some elements of the Republican fringe have a knee-jerk opposition to, I see nothing that would cause any organized opposition to this bill. I suspect that this bill would receive some level of bipartisan support in Committee.

 

For more information about the provisions of the bill, as well as more discussion about its prospects, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-5028-introduced - subscription required.
