To amend title 41, United States Code, to require information technology contractors to maintain a vulnerability disclosure policy and program, and for other purposes.
2/13/2025, 3:18 PM
Summary of Bill HR 1258
Bill 119 HR 1258, also known as the "Vulnerability Disclosure Policy and Program Act," aims to amend title 41 of the United States Code to require information technology contractors to establish and maintain a vulnerability disclosure policy and program. This bill is designed to enhance the cybersecurity of government information systems by ensuring that contractors who provide IT services to the federal government have a process in place for receiving and addressing reports of security vulnerabilities.
Under this bill, IT contractors would be required to establish a clear and accessible process for individuals to report potential security vulnerabilities in the systems they manage. Contractors would also be required to promptly investigate and address any reported vulnerabilities to prevent potential exploitation by malicious actors.
The bill emphasizes the importance of transparency and collaboration in addressing cybersecurity threats, as well as the need for a coordinated approach to managing vulnerabilities in government information systems. By requiring contractors to maintain a vulnerability disclosure policy and program, the bill aims to strengthen the overall cybersecurity posture of the federal government and protect sensitive information from cyber threats. In addition to the requirements related to vulnerability disclosure, the bill also includes provisions for reporting on the implementation of vulnerability disclosure policies and programs, as well as for conducting audits to ensure compliance with the new requirements. Overall, Bill 119 HR 1258 seeks to improve the cybersecurity of government information systems by establishing clear guidelines for IT contractors to address and mitigate security vulnerabilities in a timely and effective manner.
Congressional Summary of HR 1258
Improving Contractor Cybersecurity Act
This bill prohibits an executive agency from entering into a contract for information technology unless the contractor maintains a vulnerability disclosure policy (VDP) and program.
The contractor must report to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, within seven days after the VDP is published and on an ongoing basis as vulnerability reports are received, information regarding
- any valid or credible report of a not previously known public vulnerability on a system that uses commercial software or services that affect, or are likely to affect, other parties in government or industry once a patch or viable mitigation is available; and
- any other situation where the contractor determines it would be helpful or necessary to involve CISA.
CISA must submit vulnerabilities to the MITRE Common Vulnerabilities and Exposures database and the National Institute of Standards and Technology National Vulnerability Database.
Current Status of Bill HR 1258
Bill HR 1258 has had the status "Bill Introduced" since February 12, 2025. It was introduced during Congress 119, in the House, on February 12, 2025. Its most recent activity, as of February 12, 2025, was "Referred to the House Committee on Oversight and Government Reform."
Bipartisan Support of Bill HR 1258
Total Number of Sponsors: 2
Democrat Sponsors: 2
Republican Sponsors: 0
Unaffiliated Sponsors: 0
Total Number of Cosponsors: 0
Democrat Cosponsors: 0
Republican Cosponsors: 0
Unaffiliated Cosponsors: 0
