01 — The Text
What.
- Mandates federal contractors earning $250k+ must have vulnerability disclosure programs—formal processes for reporting and fixing security flaws.
- OMB and Pentagon must update federal contracting rules to require these programs and align them with National Institute of Standards and Technology guidelines.
- Contractors managing federal IT systems must receive notifications about potential security vulnerabilities in their systems.
02 — The Stakes
So what?
- Defense contractors and major tech vendors get stricter security requirements, increasing compliance costs but reducing risk of breaches affecting military/federal systems.
- Cybersecurity researchers gain clearer pathways to report flaws to contractors without legal retaliation, improving threat detection.
- Taxpayers benefit from stronger protection of federal data, though contractors may pass some costs to government through higher bids.
03 — The Path
Now what?
- Bill passed House on March 3; now in Senate Homeland Security committee. Bipartisan support (unanimous voice vote) suggests path forward.
- Senate committee must review and vote before floor consideration. No deadline set yet.
- Contact your senator's office to express views on government cybersecurity requirements.
Legislative History
Actions.
- Mar 4, 2025 — Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- Mar 3, 2025 — Motion to reconsider laid on the table Agreed to without objection.
- Mar 3, 2025 — On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931)
- Mar 3, 2025 — Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931)
- Mar 3, 2025 — DEBATE - The House proceeded with forty minutes of debate on H.R. 872.
- Mar 3, 2025 — Considered under suspension of the rules. (consideration: CR H930-932)
- Mar 3, 2025 — Mr. Comer moved to suspend the rules and pass the bill, as amended.
- Jan 31, 2025 — Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Armed Services, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.