arrow_back Back to App

Mandatory Vulnerability Disclosure Programs for Government IT Contractors.

This law mandates that IT companies contracting with the federal government establish clear policies for reporting security vulnerabilities. The goal is to significantly enhance the security of government systems and protect public data from cyber threats. Crucially, individuals who report flaws in good faith (ethical hackers) are protected from civil lawsuits by the contractor.
Key points
All U.S. government IT contractors must implement public programs allowing anyone to report security flaws found in their systems.
Researchers reporting vulnerabilities are protected from civil liability if they act in good faith and follow the contractor's established policy.
Contractors must quickly acknowledge reports, communicate progress to researchers, and report critical vulnerabilities to CISA (Cybersecurity and Infrastructure Security Agency).
article Official text account_balance Process page
Introduced
Citizen Poll
No votes cast
Additional Information
Print number: 119_HR_1258
Sponsor: Rep. Lieu, Ted [D-CA-36]
Process start date: 2025-02-12
Lustra uses Artificial Intelligence. Verify details in source documents.
Summarized by: gemini-flash-latest
Source data: api.congress.gov
AI work logs for this document launch

OFFICIAL LEGAL TITLE

Improving Contractor Cybersecurity Act

FREQUENTLY ASKED QUESTIONS

What is the official ID of this bill?

The official print number for this legislation is 119_HR_1258.

Which chamber initiated this legislation?

This legislation was initiated in the House of Representatives.

When did the legislative process begin?

The process officially started on 2025-02-12.

What are the main provisions?

Key points include:

  • All U.S. government IT contractors must implement public programs allowing anyone to report security flaws found in their systems.
  • Researchers reporting vulnerabilities are protected from civil liability if they act in good faith and follow the contractor's established policy.
  • Contractors must quickly acknowledge reports, communicate progress to researchers, and report critical vulnerabilities to CISA (Cybersecurity and Infrastructure Security Agency).
What is the specific legal status?

The current status is Introduced.

Where can I read the full text of this legislation?

The full official text is available at: View full text

Who is the primary sponsor?

The primary sponsor is Rep. Lieu, Ted [D-CA-36].

What is the latest detailed status?

The latest detailed status is: Referred to the House Committee on Oversight and Government Reform.

Is this summary verified?

Yes. This content was analyzed by AI and verified by the Lustra Judge System on 2025-12-23.

CATEGORIES

Informatization Security