Sponsors (2)
Introduced May 22, 2025 by Mark R. Warner · Last progress May 22, 2025
The bill limits new federal spending and improves budget clarity by requiring implementation to fit within current appropriations, but that fiscal constraint risks reduced or delayed services and strains on agencies as they reallocate limited resources.
Taxpayers: the Act reduces the risk of immediate new federal spending by preventing new appropriations for its implementation, which lowers the likelihood of higher taxes or deficit-financed outlays.
Federal budget planners: the requirement that implementation fit within existing appropriations improves budget predictability and clarifies planning constraints for agencies.
Program beneficiaries: people served by programs created or altered under the Act may receive fewer, reduced, or delayed services if no new funds are provided.
Implementing agencies and taxpayers: agencies may face resource shortfalls and be forced to reallocate existing funds, straining other programs, creating service gaps, and imposing indirect costs on taxpayers.
Based on analysis of 3 sections of legislative text.
Directs OMB and the FAR Council to require covered federal contractors to implement vulnerability disclosure programs aligned with NIST and ISO guidance within set deadlines.
Requires the Office of Management and Budget (OMB) and the Federal Acquisition Regulation (FAR) Council to update federal contracting rules so covered contractors must run vulnerability disclosure programs that follow NIST guidance and international standards. OMB must recommend language within 180 days of enactment, the FAR Council must act within 180 days after receiving those recommendations, and agencies may grant limited waivers for national security or research reasons with timely notification to Congress. The law does not provide new funding and must be implemented with existing resources.