A bipartisan legislation is seeking updates to the Federal Acquisition Regulation to require federal contractors to implement vulnerability disclosure policies.
U.S. Sen. Mark Warner, D-Va., vice chairman of the Senate Select Committee on Intelligence, said Friday that VDPs “are crucial tools to help ensure that the federal government is operating using safe cybersecurity practices.”
Warner introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 with James Lankford, R-Okla., a member of the Senate Committee on Homeland Security and Governmental Affairs.
Civilian federal agencies are already required to have VDPs; however, the same requirement does not exist for federal contractors for the information systems used in fulfilling their contracts. Under the proposed bill, the contractors should adhere to National Institute of Standards and Technology guidelines and implement VDPs in line with those of the federal agencies to help reduce known security vulnerabilities, secure the entire supply chain and protect national security. The Office of Management and Budget would be required to oversee the FAR updates to ensure proper VDP implementation.
According to Lankford, increasing awareness of cyber vulnerabilities could help contractors and agencies keep data and systems safe from cybercrimes and hacking.
Sen. Warner’s Cyber-Focused Legislative Efforts
Warner authored the Internet of Things Cybersecurity Improvement Act, signed into law in 2020 by President Donald Trump, requiring IoT devices purchased with federal funds to meet minimum security standards. He also cofounded the bipartisan Senate Cybersecurity Caucus in 2016 and co-authored legislation mandating companies responsible for U.S. critical infrastructure to report cybersecurity incidents to the government.
Related Articles
The Senate on Saturday voted 59-35 to confirm Sean Cairncross, a former Republican National Committee official, as the next national cyber director. With his confirmation, Cairncross succeeds Harry Coker as head of the White House Office of the National Cyber Director. In this capacity, he will serve as the principal adviser to the U.S. president on cybersecurity strategy and policy in relation to the coordination of information security and data protection; efforts to deter malicious cyber activity; and programs and policies meant to improve the U.S. cybersecurity posture, among others. In February, President Donald Trump nominated Cairncross to the role.
Edward Forst has been nominated by President Donald Trump as the next administrator of the General Services Administration, succeeding Robin Carnahan, who resigned in January after serving for nearly four years. The White House announced the nomination on Sunday. Who Is Edward Forst? Forst is a seasoned executive and investor with vast experience in the global financial services and real estate industries. He most recently served as chairman of London-based private equity firm Lion Capital for three years. He was also the CEO of Cushman & Wakefield from 2013 to 2015. He spent 17 years at Goldman Sachs serving various senior executive
The Senate voted on Thursday 53-44 to confirm Matthew Kozma as the new undersecretary of the Department of Homeland Security for intelligence and analysis. In his role, Kozma would manage the Office of Intelligence and Analysis, which detects and addresses domestic and international threats, cyber risks and evolving national security issues, Homeland Security Today reported. He will lead the intelligence efforts to ensure the sharing of threat information between federal, state and local agencies. Find out more about the challenges and opportunities of the agency at the Potomac Officers Club 2025 Homeland Security Summit on November 12. Get insights into