House Passes Bill Requiring Federal Contractors To Implement Vulnerability Disclosure Policies
Summary: The House of Representatives has passed the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, which requires federal contractors to implement a vulnerability disclosure policy (VDP) aligned with NIST guidelines. The bill aims to streamline the process for reporting vulnerabilities in contractor systems and has garnered support from major cybersecurity firms. Following approval from the House, the legislation is now under review in the Senate.

Affected: Federal contractors, Defense Department, and associated cybersecurity organizations

Key points:

  • The bill requires federal contractors to adopt a vulnerability disclosure policy consistent with NIST guidelines.
  • The Defense Department must implement similar policies for defense contractors.
  • Major cybersecurity firms have endorsed the bill as a move towards best practices in cybersecurity.
  • Lawmakers have pursued this legislation for two years, indicating its importance in strengthening cybersecurity measures.
  • The bill has been integrated into the National Defense Authorization Act and is currently in the Senate for evaluation.

Source: https://www.securityweek.com/federal-contractor-cybersecurity-bill-passes-house/