New Bill Mandates Cybersecurity Overhaul for Federal Contractors

New cybersecurity legislation is coming thick and fast. And for good reason: cyber threats are becoming more sophisticated, systems are becoming more connected, and geopolitical relationships are becoming more fraught.
One of the most recent pieces of bipartisan legislation – the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 – is designed to modernize cybersecurity standards in the US and protect the country from threats. Let’s examine the Act and the landscape that inspired its creation.
Harmonizing Security Standards
Federal agencies have long been subject to strict vulnerability disclosure policies (VDPs) and are required to align with NIST standards, but federal contractors haven’t. The problem should be obvious: federal contractors are entrusted to handle vast amounts of sensitive government data and, as such, are prime targets for cybercriminals. Moreover, with supply chain attacks becoming increasingly common, US lawmakers recognized that these contractors must be held to the same standards as federal agencies. This is where the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 comes in.
Why are Vulnerability Disclosure Policies Important?
VDPs are the core of this Act. They enable cybersecurity researchers to report potential security flaws quickly and easily, helping organizations address vulnerabilities before they can be exploited by malicious actors. The benefits of VDPs include the following:
- Enhanced Collaboration: Creating a communication channel between organizations and the cybersecurity community to improve vulnerability mitigation and response.
- Risk Remediation: The earlier an organization can identify a vulnerability, the better its chances of remediating it before attackers can exploit it.
- Security Practice Innovation: VDPs establish a continuous feedback loop, which creates an environment in which cybersecurity measures are frequently updated and refined.
The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 requires that federal contractors implement these best practices, a requirement already imposed on federal agencies. Fundamentally, the Act is expanding the US’s proactive approach to cybersecurity to include any organization handling sensitive federal information.
Bipartisan Support
The United States is more divided than ever. Considering this, it’s especially encouraging to see the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 receive bipartisan support. The fact that leaders from both sides of the aisle – including Congresswoman Nancy Mace (R) and Representative Shontel Brown (D) – have championed this initiative reflects a nationwide recognition that cybersecurity is a matter of national security, not a political talking point. While political leaders are divided on how to regulate AI, it’s gladdening to see they’re on the same page when it comes to cybersecurity regulation.
The Future of Proactive Security
More broadly, this regulation reflects the increasing shift towards proactive security measures. Keep in mind that while the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 only applies to federal contractors, organizations looking to secure a lucrative government contract will also need to comply. As such, VDPs are likely to trickle down throughout all industries, and the Act is likely to pave the way for similar reforms in the broader business community.
What’s more, by institutionalizing vulnerability disclosure policies, the bill helps to normalize the practice of reporting and addressing security issues. In turn, this will help the US build a more resilient cybersecurity ecosystem where risks are mitigated before they turn into active, damaging threats.
How Fortra Can Help
Of course, discovering a vulnerability is the first stage in a VDP. Fortra can help with that. Fortra VM is a proactive, risk-based vulnerability management solution that assesses and prioritizes your system weaknesses to create easily understood reports. If you’re a federal contractor looking for a solution to help you implement a vulnerability disclosure policy, Fortra VM should be your first port of call. It offers in-depth vulnerability management features, including:
- Threat Rank: Security modeling that helps identify exploitation vectors used in real-world attacks.
- Network Map: A visual representation of your organization’s network and its security posture.
- Peer Insight: This feature allows you to compare your security efforts with those of organizations in the same industry.
- Security GPA: A ranking system dedicated to your organization’s security landscape.
- Connect API: A way to integrate known, prioritized, and scored vulnerabilities into an already existing workflow platform.
What’s more, you can purchase an annual SaaS subscription to Fortra VM that gives you uninterrupted, on-demand expert service. You’ll gain access to a personal security analyst who saves you time, delivers continuous vulnerability management and security assessments, and provides scalable options that align with your organization’s unique needs.
Want to find out more about how Fortra VM can help you implement a comprehensive vulnerability disclosure policy and comply with the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025?
Get a quote here.