On August 9, 2024, U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and James Lankford (R-OK), a member of the Senate Committee on Homeland Security & Governmental Affairs, announced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 to strengthen federal cybersecurity. This will ensure federal contractors follow guidelines set forth by the National Institute of Standards and Technology (NIST).



Another part, Vulnerability Disclosure Policies (VDPs), provides a way for organizations to receive unsolicited reports of vulnerabilities within their software to help prevent a cyber attack.



Currently, civilian federal agencies are required to have VDPs; however, there is no requirement for civilian or defense federal contractors to have VDPs for the information systems used in the fulfillment of their contracts. This legislation will require VDPs among federal contractors and formally manage vulnerability disclosure reports to reduce known security vulnerabilities among federal contractors.



“VDPs are a crucial tool used to proactively identify and address software vulnerabilities,” said Senator Warner. “This legislation will ensure that federal contractors, along with federal agencies, are adhering to national guidelines that will better protect our critical infrastructure, and sensitive data from potential attacks.”



“Federal agencies and contractors must be quickly made aware of cyber vulnerabilities, so they can resolve them. By strengthening cybersecurity efforts, contractors and agencies can keep their focus on serving the American people and keep data and systems safe from cybercrimes and hacking,” said Sen. Lankford.

This legislation is the latest step in Sen. Warner’s efforts to mitigate the damage of potential cybersecurity attacks. This legislation was signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March 2022.

