PolicySoupstir the potALPHA

H.R. 872 (119th)Bill Overview
Full Analysis

Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025

Government Operations and Politics|Computer security and identity theftGovernment information and archives
Sponsor
Nancy MaceR
Cosponsors
Support
Republican
Introduced
Jan 31, 2025
Discussions
0
Bill Text
View ↗
Committee
Homeland Security Subcommittee
Current stageCommittee

Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

Introduced
Committee
Floor
President
Law
Congressional Activities
01 · The brief
Plain-English summaryWhat this bill actually does

<p><strong>Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025</strong></p><p>This bill requires revisions to acquisition regulations&nbsp;related to information systems vulnerabilities&nbsp;for certain federal contractors. The revisions apply to contractors whose contract is at or above the simplified acquisition threshold ($250,000 in most cases) or that use, operate, manage, or maintain a federal information system on behalf of an agency.&nbsp;</p><p>Under the bill, the Office of Management and Budget must review the Federal Acquisition Regulation (FAR) and recommend updated contract requirements and language for contractor vulnerability disclosure programs. (Such programs establish processes for identifying, reporting, and mitigating information system vulnerabilities discovered by security researchers, software developers, and others.) The recommendations must include requirements to ensure that such contractors implement vulnerability disclosure policies consistent with guidelines from the National Institute of Standards and Technology.

Why people may split

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

Watch point

The next hurdle is reproducing that support in the other chamber.

<p><strong>Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025</strong></p><p>This bill requires revisions to acquisition regulations&nbsp;related to information systems vulnerabilities&nbsp;for certain federal contractors.

The revisions apply to contractors whose contract is at or above the simplified acquisition threshold ($250,000 in most cases) or that use, operate, manage, or maintain a federal information system on behalf of an agency.&nbsp;</p><p>Under the bill, the Office of Management and Budget must review the Federal Acquisition Regulation (FAR) and recommend updated contract requirements and language for contractor vulnerability disclosure programs. (Such programs establish processes for identifying, reporting, and mitigating information system vulnerabilities discovered by security researchers, software developers, and others.) The recommendations must include requirements to ensure that such contractors implement vulnerability disclosure policies consistent with guidelines from the National Institute of Standards and Technology.

Passage64/100

This bill has already passed one chamber, which is a stronger signal than introduction alone but still leaves another major hurdle ahead.

CredibilityPartial

How solid the drafting looks.

Contention62/100

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

02 · What it does
Full Analysis

Who stands to gain, and who may push back.

Likely benefits vs burdens0% / 100%
Likely helpedLikely burdened

These are examples from the analysis, not a ranked list of the most-affected groups.

Likely helped
  • No clear beneficiaries surfaced yet.
Likely burdened
  • No clear downsides surfaced yet.
03 · Why people split
Full Analysis

Why the argument around this bill splits.

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.
Progressive

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

Unclear
Centrist

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

Unclear
Conservative

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

Unclear
04 · Can it pass?
Full Analysis

The path through Congress.

Introduced

Reached or meaningfully advanced

Committee

Reached or meaningfully advanced

Floor

Still ahead

President

Still ahead

Law

Still ahead

Passage likelihood64/100

This bill has already passed one chamber, which is a stronger signal than introduction alone but still leaves another major hurdle ahead.

Why this could stall
  • The next hurdle is reproducing that support in the other chamber.
05 · Recent votes

Recent votes on the bill.

No vote history yet

The bill has not accumulated any surfaced votes yet.

06 · Go deeper

Go deeper than the headline read.

Included on this page

The main political fault lines are not fully surfaced yet, so coalition durability is still unclear.

This bill has already passed one chamber, which is a stronger signal than introduction alone but still leaves another major hurdle ahead.

Unlocked analysis

Pro readers get the full perspective split, passage barriers, legislative design review, stakeholder impact map, and lens-based policy tradeoff analysis for Federal Contractor Cybersecurity Vulnerability Reduction Act o…

Go beyond the headline summary with full stakeholder mapping, legislative design analysis, passage barriers, and lens-by-lens tradeoff breakdowns.

Perspective breakdownsPassage barriersLegislative design reviewStakeholder impact map
Open full analysis