House Passes Bill Requiring Federal Contractors to Adopt Cybersecurity Disclosure Policies
The House passed this bill in March 2025, and it is now waiting for the Senate to take action. Nothing has happened with the bill since March 2025, which means it has been stalled for 16 months. The Senate must review the bill before it can become law, but it is common for the Senate to never schedule a vote on bills passed by the House.
This bill has already passed the House with broad support and addresses a non-partisan issue by building on existing cybersecurity standards.
This bill’s path across every version that has carried it.
Scores run from -100 (strongly harmful) to +100 (strongly beneficial) for each group, combining impact, certainty, scope, and duration ratings of 1-5. How impact scoring works
Small businesses that hold federal contracts above the simplified acquisition threshold (currently $250,000) will need to implement formal vulnerability disclosure policies. This adds compliance costs and administrative burden, but many larger small-business contractors may already follow similar practices. Companies that manage federal information systems face the same requirements regardless of contract size.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Sent to a congressional committee for expert review. The committee decides whether this bill moves forward.
Motion to reconsider laid on the table Agreed to without objection.
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931)
The House fast-tracked this bill — limited debate, no amendments allowed, but needs two-thirds support to pass.
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H930-931)
The House fast-tracked this bill — limited debate, no amendments allowed, but needs two-thirds support to pass.
DEBATE - The House proceeded with forty minutes of debate on H.R. 872.

The U.S. House passed a bill requiring all federal contractors to submit a vulnerability disclosure program to qualify for government contracts. The bill has strong support from the security industry, including companies like Microsoft and HackerOne.
Senators Mark Warner and James Lankford introduced the Senate version of the Federal Contractor Cybersecurity Vulnerability Reduction Act. The bill requires the OMB to oversee updates to the Federal Acquisition Regulation to mandate vulnerability disclosure policies.
No votes recorded for this bill yet.
Document Type
Congressional Bill
Official Title
Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025
Analysis generated by AI. Always verify with official sources.