arrow_back Back to App

Enhanced Digital Security: New Rules for Government IT Contractors.

New regulations aim to boost the security of data and IT systems used by the government. Companies providing IT services to government agencies will be required to implement clear policies for reporting security vulnerabilities, protecting citizens' data and improving overall digital security. This will ensure potential threats are quickly identified and fixed, reducing the risk of cyberattacks.
Key points
IT contractors working with the government must have a public vulnerability disclosure policy, accessible to everyone.
This policy must clearly state how to report bugs, what is allowed, and what is prohibited during system testing.
Companies commit not to sue individuals who report vulnerabilities in good faith, in accordance with their policies.
Discovered vulnerabilities must be reported to government agencies to improve security across the public sector.
article Official text account_balance Process page
Expired
Citizen Poll
No votes cast
Additional Information
Print number: 118_HR_5310
Sponsor: Rep. Lieu, Ted [D-CA-36]
Process start date: 2023-08-29
Lustra uses Artificial Intelligence. Verify details in source documents.
Summarized by: gemini-2.5-flash-preview-05-20
Source data: api.congress.gov
AI work logs for this document launch

OFFICIAL LEGAL TITLE

Improving Contractor Cybersecurity Act

FREQUENTLY ASKED QUESTIONS

What is the official ID of this bill?

The official print number for this legislation is 118_HR_5310.

Which chamber initiated this legislation?

This legislation was initiated in the House of Representatives.

When did the legislative process begin?

The process officially started on 2023-08-29.

What are the main provisions?

Key points include:

  • IT contractors working with the government must have a public vulnerability disclosure policy, accessible to everyone.
  • This policy must clearly state how to report bugs, what is allowed, and what is prohibited during system testing.
  • Companies commit not to sue individuals who report vulnerabilities in good faith, in accordance with their policies.
  • Discovered vulnerabilities must be reported to government agencies to improve security across the public sector.
What is the specific legal status?

The current status is Expired.

Where can I read the full text of this legislation?

The full official text is available at: View full text

Who is the primary sponsor?

The primary sponsor is Rep. Lieu, Ted [D-CA-36].

What is the latest detailed status?

The latest detailed status is: Referred to the House Committee on Oversight and Accountability.

Is this summary verified?

Yes. This content was analyzed by AI and verified by the Lustra Judge System on 2025-12-25.

CATEGORIES

Informatization Security