If passed, executive government agencies may not enter into a contract for IT services unless the contractor maintains a vulnerability disclosure policy that describes the process for vulnerability reporting (i.e., where to send the report, what to include in the report, and that an individual can report anonymously), does not limit testing solely to entities approved by the contractor (the public can also search for and report a vulnerability), and provides target timelines for resolving a reported vulnerability.
Federal Bill Aims to Improve Contractor Cybersecurity