The Federal Contractor Cybersecurity Act and What You Should Know
To enhance federal cybersecurity, Rep. Nancy Mace, R-S. Carolina, introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) on January 31, 2025. A similar bill introduced the previous year stalled in the Senate. This bill aims to close a critical gap in federal cybersecurity standards by ensuring that all federal contractors implement a vulnerability disclosure policy consistent with the National Institute of Standards and Technology (NIST) guidelines. Shontel Brown, D-Ohio, cosponsors the bill.
So, what does H.R. 872 entail, and why is it significant to federal contractors? This bill mandates that the Office of Management and Budget (OMB) and the Department of Defense (DoD) require federal contractors to have structured processes for receiving and addressing reports of potential security vulnerabilities. These security vulnerabilities are defined under section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650) as any part of a system – whether it’s hardware, software or a specific process, that could be used to bypass or weaken security measures. This includes weaknesses that can be exploited to compromise an information system’s confidentiality, integrity or availability. IT companies with contracts exceeding $250K must disclose these vulnerabilities in their services and products. If enacted, OMB will work with the Cybersecurity and Infrastructure Security Agency (CISA) and other agencies to update the Federal Acquisition Regulation (FAR) and the DoD will revise the Defense Federal Acquisition Regulation Supplement (DFARS) to include these requirements for defense industry-based contractors.
Currently, bill H.R. 872 is waiting for the Senate to consider, as this bipartisan bill passed the House on March 3, 2025. It is under review by the Senate Committee on Homeland Security and Government Affairs. If it passes the Senate, it will then need the President to sign it to become law. There are strong indications that it will pass the Senate due to bipartisan support, national security concerns and backing from major tech companies.
The Act represents a sizable step forward in strengthening the cybersecurity framework for federal contractors. By mandating vulnerability disclosure policies aligned with NIST guidelines, the proposed bill aims to ensure that contractors are proactive in identifying and addressing potential security threats. With strong bipartisan support and backing from major tech companies, it is a crucial advancement in protecting sensitive government data and closing federal cybersecurity gaps. While we await the Senate's decision, this bill underscores the vital importance of robust cybersecurity measures in protecting national security and highlights the critical role IT companies play in this effort.
As a federal contractor, you can take advanced actions to prepare for this potential law in several areas to position yourself favorably. Begin by ensuring that your company has a Vulnerability Disclosure Policy (VDP) that aligns with the guidelines set by the National Institute of Standards and Technology (NIST). This policy should outline how vulnerabilities are reported, triaged and remediated. Conduct a Gap Analysis by reviewing your current cybersecurity practices and comparing those against the requirements of the act, focusing on areas such as incident response, vulnerability management and compliance as outlined by NIST standards. Consult with cybersecurity experts to help design and implement a robust VDP. They can provide valuable insights and ensure that your policies and procedures are effective and compliant. Train your staff in the importance of cybersecurity and the specifics of the new requirements. Provide them with training to help everyone in the organization understand their role in maintaining security. Finally, you’ll want to monitor legislative updates to stay abreast of the bill’s progress and any changes to its provisions. This will ensure you stay ahead of any new requirements, ensure that your company remains compliant with federal policies and enhances its cybersecurity posture.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Toan Le is a Senior Market Insights Analyst on the DLT Market Insights team covering DOD and IC domain-centric trends across the Public Sector.
Related Blog Posts
Federal Government, Infrastructure, Market Intelligence, Technology
The White House recently introduced a major change in how the federal government plans to procure goods and services in its ongoing effort to eliminate waste, fraud and abuse. In an Executive Order published on March 20, 2025, it calls for all federal procurement to consolidate under General Services Administration (GSA) management. This essentially centralizes all federal agencies’ purchasing of technology products and services to one agency.
Toan Le
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cloud, Cybersecurity, Education, Market Intelligence, Technology
This year, higher education is undergoing a transformative shift and education institutions must now keep pace with the expectations of the modern world. Emerging and innovative technology is at the forefront of this transformation, with a focus on boosting flexibility, expanding access to student services and enhancing the individualized student experience with more personalized learning options.
Yvonne Maffia
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence, Technology
In the first week of his administration, President Trump issued the “Removing Barriers to American Leadership in Artificial Intelligence” executive order (EO).
Susanna Patten
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cybersecurity, Market Intelligence, Technology
On April 3, 2025, the Cybersecurity Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigations, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, cyber attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure, thereb
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data & Storage, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Data & Storage, Federal Government, IT Infrastructure, Market Intelligence, Technology
In March 2025, the Defense Information Systems Agency (DISA) released its FY25-FY27 data strategy. The strategy consists of three lines of effort (LOE) and follows DISA’s Data Strategy Implementation Plan for FY 2022-2024. IT Companies interested in contracting with DISA should be aware of the data strategy as the strategy will influence DISA’s IT procurement decisions over the next two years.
Gabriel Zighelboim
Market Intelligence, Zero Trust
Workforce Updates and ImplicationsLast month, I discussed workforce reduction as it began to play out across agencies. Since then, we’ve seen an acceleration of additional cuts, as departments have been tasked with providing the White House their intended comprehensive plans for a reduction in force by the week ending March 14, while further federal guidance has more recently directed the Department of Education and VA to lay off additional personnel as well.
Susanna Patten
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
AI, Big Data, Cybersecurity, Data and Analytics, Federal Government, Market Intelligence
In 2025, SLED government technology is undergoing a significant transformation, focusing on modernization, efficiency and improved service delivery. Emerging and innovative technology is at the forefront of this transformation, with AI leading the charge. AI’s influence on government operations is undeniable; whether it’s public safety, health, or education, AI is shaping government operations across all verticals.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The State Risk and Authorization Management Program, also known as StateRAMP, is slated to rebrand itself to “GovRAMP” later this year to more accurately reflect the entire scope of the nonprofit’s mission and support the “whole-of-state” approach to cybersecurity.
Yvonne Maffia
AI, Cybersecurity, Market Intelligence
The Army is moving fast to stay ahead in the digital battlefield. To make this happen, it is driving modernization initiatives to boost operational effectiveness and strengthen national security with a comprehensive IT modernization strategy. If you're in IT sales, knowing what the Army is focusing on can help you tailor your solutions to their needs and effectively establish a trusting partnership in the long run. Let's examine the top five IT modernization initiatives that are shaping the Army's 2025 vision and see how your tech solutions can help.
Toan Le
AI, Cybersecurity, Market Intelligence
The Army is moving fast to stay ahead in the digital battlefield. To make this happen, it is driving modernization initiatives to boost operational effectiveness and strengthen national security with a comprehensive IT modernization strategy. If you're in IT sales, knowing what the Army is focusing on can help you tailor your solutions to their needs and effectively establish a trusting partnership in the long run. Let's examine the top five IT modernization initiatives that are shaping the Army's 2025 vision and see how your tech solutions can help.
Toan Le
Federal Government, Market Intelligence
We’re now a month into the Trump Administration, and one prevailing theme we’ve seen take hold is that of workforce reduction, in effort according to officials, to maximize long-term efficiency and align to the new Administration’s priorities. For more on the initially announced fed-wide reductions, see my previous blog. The DoD has recently noted it is aiming to reduce its civilian workforce by 5 to 8 percent, including 5,400 probationary defense employee lay-offs.
Susanna Patten
Big Data, Big Data & Analytics, Cybersecurity, Market Intelligence, State & Local Government, Technology
The Center for Digital Government’s 2025 Beyond the Beltway Market Briefing event took place in Mclean, VA last week where state and local government leaders shared insights into top technology priorities for 2025.Some of the key topics of discussion were the 2025 state and local market outlook, the potential impact of the new administration on government technology, emerging technologies such as AI, the foundational role of data, the evolving cybersecurity landscape and modernization and the customer experience.
Yvonne Maffia
Big Data, Big Data & Analytics, Cybersecurity, Market Intelligence, State & Local Government, Technology
The Center for Digital Government’s 2025 Beyond the Beltway Market Briefing event took place in Mclean, VA last week where state and local government leaders shared insights into top technology priorities for 2025.Some of the key topics of discussion were the 2025 state and local market outlook, the potential impact of the new administration on government technology, emerging technologies such as AI, the foundational role of data, the evolving cybersecurity landscape and modernization and the customer experience.
Yvonne Maffia
Federal Government, Market Intelligence
Federal agencies across all areas of government have been contemplating workforce challenges for several years now. Prior to 2025, concerns for federal employees chiefly included maintaining an appropriate number of personnel with many aging out and retiring from the workforce, in addition to obtaining and retaining new talent that fit the ever-increasing technological needs of advanced and emerging IT given the competitive salary requirements for some of the field’s best and brightest.
Susanna Patten
IT Perspective, Market Intelligence, State & Local Government, Technology
Numerous cities in the United States struggle with wastewater issues. Many cities’ systems are designed to accommodate smaller populations, and historical rainfall patterns are increasingly prone to causing overflows – where wastewater spills into drinking water sources, streets and homes. And many cities utilize mostly combined wastewater systems where wastewater and rainwater both drain through the same infrastructure, creating increased stress on city systems during storms.
Gabriel Zighelboim
Big Data, Cloud, Cybersecurity, Market Intelligence
With any new executive administration, change is inevitable for federal agency priorities. It remains true, however, that departments and agencies consistently rely on IT products and services and historic trends confirm stability in public sector IT spending under both Republican and Democratic administrations. For FY25, much of the spending has already been laid out in the budget and priorities for FY26 are well under way, so you can expect to see little change to agency needs in the very near term.
Gabriel Zighelboim
Big Data, Cloud, Cybersecurity, Market Intelligence
With any new executive administration, change is inevitable for federal agency priorities. It remains true, however, that departments and agencies consistently rely on IT products and services and historic trends confirm stability in public sector IT spending under both Republican and Democratic administrations. For FY25, much of the spending has already been laid out in the budget and priorities for FY26 are well under way, so you can expect to see little change to agency needs in the very near term.
Gabriel Zighelboim
Cybersecurity, Digital Design, Market Intelligence, State & Local Government
On December 12th, 2024, The National Association of State Chief Information Officers (NASCIO) released its 2025 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia
Cybersecurity, Digital Design, Market Intelligence, State & Local Government
On December 12th, 2024, The National Association of State Chief Information Officers (NASCIO) released its 2025 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia
Cybersecurity, IT Infrastructure, Market Intelligence
The final CMMC rule went into effect December 16, 2024.
Toan Le
Cybersecurity, IT Infrastructure, Market Intelligence
The final CMMC rule went into effect December 16, 2024.
Toan Le
Cybersecurity, Education, Market Intelligence
This year’s annual EDUCAUSE Conference took place in San Antonio, Texas, where higher education leaders shared key insights into top edtech trends, priorities and challenges shaping the higher education landscape. The 2025 Educause Top 10 priorities list addresses how higher education technology and data leaders can work together to restore trust within the education sector by building competent and caring institutions through collaboration, consistent results and shifting from monolithic systems and processes to more flexible and unified solutions.
Yvonne Maffia
Cybersecurity, Education, Market Intelligence
This year’s annual EDUCAUSE Conference took place in San Antonio, Texas, where higher education leaders shared key insights into top edtech trends, priorities and challenges shaping the higher education landscape. The 2025 Educause Top 10 priorities list addresses how higher education technology and data leaders can work together to restore trust within the education sector by building competent and caring institutions through collaboration, consistent results and shifting from monolithic systems and processes to more flexible and unified solutions.
Yvonne Maffia
Big Data, Cybersecurity, Market Intelligence, Technology
Hello from DoDIIS in Omaha, Nebraska! TDSYNNEX Public Sector is once again attending, so if you didn’t make it out to the city that invented the Reuben sandwich, we’ve got you covered. The conference kicked off with a heavy focus on several prevailing themes, notably: cybersecurity, deterrence, interoperability, and data centricity. If you read that list and thought AI was missing – fear not – it was included in discussions, but primarily as a vehicle for aiding in the intelligence community’s (IC) top priorities.
Susanna Patten
Big Data, Cybersecurity, Market Intelligence, Technology
Hello from DoDIIS in Omaha, Nebraska! TDSYNNEX Public Sector is once again attending, so if you didn’t make it out to the city that invented the Reuben sandwich, we’ve got you covered. The conference kicked off with a heavy focus on several prevailing themes, notably: cybersecurity, deterrence, interoperability, and data centricity. If you read that list and thought AI was missing – fear not – it was included in discussions, but primarily as a vehicle for aiding in the intelligence community’s (IC) top priorities.
Susanna Patten
Cybersecurity, Market Intelligence, State & Local Government, Technology
The 2024 National Association of State Chief Information Officers (NASCIO) Annual Conference took place in New Orleans, Louisiana earlier this month, where state leaders shared key insights into FY25 top technology priorities, challenges and lessons learned. Some of the key focus areas included AI, with emphasis on generative AI (Gen AI) tech, data management, governance, privacy and accessibility, cybersecurity and risk management and digital services and modern government.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government, Technology
The 2024 National Association of State Chief Information Officers (NASCIO) Annual Conference took place in New Orleans, Louisiana earlier this month, where state leaders shared key insights into FY25 top technology priorities, challenges and lessons learned. Some of the key focus areas included AI, with emphasis on generative AI (Gen AI) tech, data management, governance, privacy and accessibility, cybersecurity and risk management and digital services and modern government.
Yvonne Maffia
AI, Cybersecurity, Market Intelligence
This month marks the 20th anniversary of the declaration of “Cybersecurity Awareness Month,” originally created by the Department of Homeland Security and the National Cyber Security Alliance in 2004. Since then, we’ve seen vast amounts of change and innovation in the sector. We’ve also seen continually updated legislation, new technology and opportunities for IT companies to penetrate the market as federal agencies continue to watch threats evolve.
Susanna Patten
AI, Cybersecurity, Market Intelligence
This month marks the 20th anniversary of the declaration of “Cybersecurity Awareness Month,” originally created by the Department of Homeland Security and the National Cyber Security Alliance in 2004. Since then, we’ve seen vast amounts of change and innovation in the sector. We’ve also seen continually updated legislation, new technology and opportunities for IT companies to penetrate the market as federal agencies continue to watch threats evolve.
Susanna Patten
Federal Fiscal Year End, Federal Government, Market Intelligence, Technology
At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.
Susanna Patten
Cybersecurity, Federal Government, Market Intelligence, Technology
The US military information network comprises over 15,000 classified and unclassified networks facilitating information exchange for service members worldwide. Known as the Department of Defense Network (DoDIN), it includes devices such as computers, mobile phones, weapons, servers, and data systems consistently serving military personnel at all levels. Data sharing across these devices has been under frequent threats of cyberattacks by adversaries and necessitates keen vigilance by the Defense Information System Agency (DISA) to manage risks and vulnerabilities.
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The US military information network comprises over 15,000 classified and unclassified networks facilitating information exchange for service members worldwide. Known as the Department of Defense Network (DoDIN), it includes devices such as computers, mobile phones, weapons, servers, and data systems consistently serving military personnel at all levels. Data sharing across these devices has been under frequent threats of cyberattacks by adversaries and necessitates keen vigilance by the Defense Information System Agency (DISA) to manage risks and vulnerabilities.
Toan Le
AI, Education, Market Intelligence, State & Local Government
With the increasing prominence of artificial intelligence and machine learning (AI/ML), numerous state governments are creating taskforces on AI to help determine their state’s AI strategy.
Gabriel Zighelboim
Cybersecurity, Federal Government, Market Intelligence
Defending against cyberattacks is an ongoing battle for the Air Force, Army, and Navy, and requires strategic maneuvering and intelligent solutions. An integral part of these solutions has been the collaboration and technical support from the defense industrial base (DIB). Recently, the principal cyber advisors from each branch announced their challenges and priorities geared toward addressing cyber needs.
Toan Le
Cybersecurity, Federal Government, Market Intelligence
Defending against cyberattacks is an ongoing battle for the Air Force, Army, and Navy, and requires strategic maneuvering and intelligent solutions. An integral part of these solutions has been the collaboration and technical support from the defense industrial base (DIB). Recently, the principal cyber advisors from each branch announced their challenges and priorities geared toward addressing cyber needs.
Toan Le
FAA, Federal Government, Market Intelligence
Given the numerous commercial airline safety incidents in the news within the past few months, it should be no surprise that the Federal Aviation Administration (FAA) and government legislators have taken an interest in improving the safety of US airspace. The FAA is looking into and implementing new solutions to improve airspace safety, and government legislators are funding airspace safety initiatives.
Gabriel Zighelboim
Federal Fiscal Year End, Federal Government, Market Intelligence
You read that title correctly; here we are near the end of another federal fiscal year. If you’re thinking it feels like Congress just passed the fiscal year 2024 (FY24) budget, you’re correct. Half of FY24 was spent in a state of continuing resolutions, with the passage of a final budget a whopping six months into the year, in March 2024. Federal agencies have had effectively half the time they would be allotted in an ideal fiscal year timeframe to spend less, the same, or in some cases more money.
Susanna Patten
Federal Government, Market Intelligence, Technology
In a contest this year of “Most Popular IT Market Trends” it’s highly likely artificial intelligence (AI) would win first place. Federal agencies have released troves of related guidance in the past year, including an executive order, Office of Management and Budget (OMB) memos, National Institute of Standards and Technology (NIST) protocols, and the Department of Defense’ (DoD) AI Strategy. So much of the discussion around AI up until very recently though has been just that: discussion.
Susanna Patten
Cybersecurity, Market Intelligence, State & Local Government
The 2024 fiscal year-end is coming to a close for 46 states, which means that it’s time to put on those running shoes and take advantage of any last minute, end-of-year opportunities. State, local and education (SLED) organizations are already game planning where to funnel resources and dollars in next year’s budget, highlighting the top priorities and challenges that will shape future downstream requirements.Key points to keep in mind:
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
The 2024 fiscal year-end is coming to a close for 46 states, which means that it’s time to put on those running shoes and take advantage of any last minute, end-of-year opportunities. State, local and education (SLED) organizations are already game planning where to funnel resources and dollars in next year’s budget, highlighting the top priorities and challenges that will shape future downstream requirements.Key points to keep in mind:
Yvonne Maffia
Cybersecurity, Federal Government, Infrastructure, Market Intelligence
Recently the Office of the Director of National Intelligence (ODNI) released a roadmap entitled Vision for the IC Information Environment to outline a vision to protect the nation from adversaries and maintain a “strategic advantage" over those intending to harm its information infrastructure. The roadmap contains recommendations from a collaboration of more than one hundred technical leaders from the intelligence community (IC).
Toan Le
Cybersecurity, Federal Government, Infrastructure, Market Intelligence
Recently the Office of the Director of National Intelligence (ODNI) released a roadmap entitled Vision for the IC Information Environment to outline a vision to protect the nation from adversaries and maintain a “strategic advantage" over those intending to harm its information infrastructure. The roadmap contains recommendations from a collaboration of more than one hundred technical leaders from the intelligence community (IC).
Toan Le
Market Intelligence, State & Local Government, Technology
The Department of Justice (DOJ) recently released its Final Rule on Title II of the Americans with Disabilities Act (ADA). In doing so, they created numerous new requirements state and local governments need to adhere to in designing their digital offerings including adding video narration options, making websites compatible with assistive technologies and making web page labels descriptive.
Gabriel Zighelboim
Market Intelligence, State & Local Government, Technology, Transportation
Emerging technologies such as artificial intelligence (AI) and machine learning (ML) are all the rage as of late, and one sector where they can provide innumerable benefits deserves special attention – transportation.
Yvonne Maffia