To amend title 41, United States Code, to require information technology contractors to maintain a vulnerability disclosure policy and program, and for other purposes.
2/13/2025, 3:18 PM
Summary of Bill HR 1258
Bill 119 HR 1258, also known as the "Vulnerability Disclosure Policy and Program Act," aims to amend title 41 of the United States Code to require information technology contractors to establish and maintain a vulnerability disclosure policy and program. This bill is designed to enhance the cybersecurity of government information systems by ensuring that contractors who provide IT services to the federal government have a process in place for receiving and addressing reports of security vulnerabilities.
Under this bill, IT contractors would be required to establish a clear and accessible process for individuals to report potential security vulnerabilities in the systems they manage. Contractors would also be required to promptly investigate and address any reported vulnerabilities to prevent potential exploitation by malicious actors.
The bill emphasizes the importance of transparency and collaboration in addressing cybersecurity threats, as well as the need for a coordinated approach to managing vulnerabilities in government information systems. By requiring contractors to maintain a vulnerability disclosure policy and program, the bill aims to strengthen the overall cybersecurity posture of the federal government and protect sensitive information from cyber threats. In addition to the requirements related to vulnerability disclosure, the bill also includes provisions for reporting on the implementation of vulnerability disclosure policies and programs, as well as for conducting audits to ensure compliance with the new requirements. Overall, Bill 119 HR 1258 seeks to improve the cybersecurity of government information systems by establishing clear guidelines for IT contractors to address and mitigate security vulnerabilities in a timely and effective manner.
Congressional Summary of HR 1258
Improving Contractor Cybersecurity Act
This bill prohibits an executive agency from entering into a contract for information technology unless the contractor maintains a vulnerability disclosure policy (VDP) and program.
The contractor must report to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, within seven days after the VDP is published and on an ongoing basis as vulnerability reports are received, information regarding
- any valid or credible report of a not previously known public vulnerability on a system that uses commercial software or services that affect, or are likely to affect, other parties in government or industry once a patch or viable mitigation is available; and
- any other situation where the contractor determines it would be helpful or necessary to involve CISA.
CISA must submit vulnerabilities to the MITRE Common Vulnerabilities and Exposures database and the National Institute of Standards and Technology National Vulnerability Database.
Current Status of Bill HR 1258
Bill HR 1258 has had the status "Bill Introduced" since February 12, 2025. It was introduced in the House on February 12, 2025, during the 119th Congress. Its most recent activity, as of February 12, 2025, was referral to the House Committee on Oversight and Government Reform.
Bipartisan Support of Bill HR 1258
- Total Number of Sponsors: 2
- Democrat Sponsors: 2
- Republican Sponsors: 0
- Unaffiliated Sponsors: 0
- Total Number of Cosponsors: 0
- Democrat Cosponsors: 0
- Republican Cosponsors: 0
- Unaffiliated Cosponsors: 0
