Monday, March 3, 2025

Review - HR 872 Introduced – Contractor VDP

Last month, Rep Mace (R,SC) introduced HR 872, the Federal Cybersecurity Vulnerability Reduction Act of 2023. The bill would require the OMB and DOD to review Federal Acquisition Regulations (FAR) to ensure that covered contractors implement a vulnerability disclosure policy consistent with NIST guidelines for contractors as required by 15 USC 278g–3c. No funding is authorized by this legislation.

Note: The version of HR 872 linked to above is a committee print of a revised version of the bill that will be considered today under the House suspension of the rules process. The GPO has not yet published the introduced version of the bill. There are no paragraph-links available in the committee print, so I will be providing old-style paragraph descriptions for quoted materials.

NOTE: Corrected two instances of type-disclexia in the bill number in each of the first two paragraphs. March 3rd, 2025 10:00 EST.

This bill is a substantial re-write of HR 5255 introduced by Mace in August of 2023, though the basic provisions remain the same. The House Oversight and Accountability Committee held a business meeting on May 15th, 2024 that included consideration of this bill. The bill was ordered reported favorably by a vote of 42 to 0. The Committee report has not been published, nor has a reported version of the bill.

Moving Forward

The House is scheduled to consider the modified version of HR 872 this afternoon under the suspension of the rules process. That process limits debate, prohibits floor amendments to the bill, and requires a supermajority for passage. This bill will almost certainly pass with wide bipartisan support.

 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-872-introduced - subscription required.
