House Bill Eyes Vulnerability Disclosure Rules for Federal Vendors

Rep. Nancy Mace, R-S.C., has reintroduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, which seeks to strengthen federal cybersecurity standards.

The proposal would require the Office of Management and Budget and the Department of Defense to update their federal acquisition policies and direct all federal contractors to implement vulnerability disclosure policies, Mace said in a Friday press release.

“This bipartisan bill ensures contractors uphold the same cybersecurity standards as federal agencies, reducing risks before they turn into catastrophic breaches,” the lawmaker added.

What’s in the Bill?

Under the bill, government contractors must adhere to cybersecurity standards set by the National Institute of Standards and Technology. The legislation envisions that vulnerability disclosure requirements provide a framework for good-faith researchers to report security weaknesses before they can be exploited, thus reducing the risk of cyberattacks against contractors.

If enacted, the act would require OMB to oversee updates to the Federal Acquisition Regulation to enforce vulnerability disclosure requirements for civilian contractors. Meanwhile, the DOD secretary would do the same for the defense sector, ensuring that the Defense Federal Acquisition Regulation Supplement enforces the policies among defense vendors.

Mace first filed the measure in August 2024, and it was taken up by Senators Mark Warner, D-Va., and James Lankford, R-Okla., in the Senate.