Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025

[AI summary unavailable — showing source text] Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 This bill requires revisions to acquisition regulations related to information systems vulnerabilities for certain federal contractors. The revisions apply to contractors whose contract is at or above the simplified acquisition threshold ($250,000 in most cases) or that use, operate, manage, or maintain a federal information system on behalf of an agency.  Under the bill, the Office of Management and Budget must review the Federal Acquisition Regulation (FAR) and recommend updated contract requirements and language for contractor vulnerability disclosure programs. (Such programs establish processes for identifying, reporting, and mitigating information system vulnerabilities discovered by security researchers, software developers, and others.) The recommendations must include requirements to ensure that such contractors implement vulnerability disclosure policies consistent with guidelines from the National Institute of Standards and Technology. The Federal Acquisition Regulation Council must review these recommendations and update the FAR as necessary to incorporate requirements for such contractor…