The House on Wednesday overwhelmingly passed a bipartisan measure meant to improve the way the Department of Homeland Security acquires software to strengthen security.
The DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), which passed by a vote of 412 to 2, requires a bill of materials with each contract and certifications that each item is free from known security vulnerabilities and defects identified by the National Institute of Standards or in other databases. If vulnerabilities are identified, notifications are required on plans to mitigate or resolve security issues.
The bill was introduced this summer by Rep. Ritchie Torres (D-N.Y.) and co-sponsored by Rep. Andrew Garbarino (R-N.Y.), who are both members of the House Homeland Security Committee.
The bill also requires DHS to issue guidance to its contracting officers on how to enforce the software security requirements, which apply to information technology and systems, telecommunications equipment and services.