US HB5793 | 2013-2014 | 113th Congress

Status

Spectrum: Partisan Bill (Republican 2-0)
Status: Introduced on December 4 2014 - 25% progression, died in committee
Action: 2014-12-04 - Referred to the House Committee on Oversight and Government Reform.
Pending: House Oversight And Government Reform Committee
Text: Latest bill text (Introduced) [PDF]

Summary

Cyber Supply Chain Management and Transparency Act of 2014 - Requires the Office of Management and Budget (OMB) to issue guidelines for agencies that contract to acquire software, firmware, or products containing a third party or open source binary component.

Requires binary component contracts to include clauses requiring: a confidentially supplied list, or a bill of materials, of each binary component that is used in the software, firmware, or product; the contractor to verify that products do not contain known security vulnerabilities and to notify the purchasing agency of any known vulnerabilities or defects; the contractor to obtain a waiver from the purchasing agency for components known to be vulnerable; an agency approving a vulnerability waiver to accept all risk associated with component use; product designs to allow fixes with patches, updates, or replacements; and the contractor to provide timely repairs for discovered vulnerabilities.

Directs the OMB to issue guidance requiring agencies: (1) to replace components with currently known vulnerabilities and to remove or repair any new vulnerable components that become known; and (2) to migrate to patchable, repairable, and fixable products.

Requires agencies to provide the Department of Homeland Security (DHS) with a list of each known vulnerable component in any product in use by the agencies. Directs DHS to issue an annual confidential report describing the security vulnerabilities of projects that created any known vulnerable component. Requires the report to assess the integrity of component suppliers for the incidence of security vulnerabilities for use by other agencies.

Requires agencies, within 30 months after enactment of this Act, to report to Congress regarding the completion of the removal of each known vulnerable or defective component. Directs other entities of the U.S. government to replace vulnerable components with less vulnerable alternatives.

Title

Cyber Supply Chain Management and Transparency Act of 2014

History

Date | Chamber | Action
2014-12-04 | House | Referred to the House Committee on Oversight and Government Reform.
2014-12-04 | House | Sponsor introductory remarks on measure. (CR E1743-1745)
