The House Homeland Security Committee on Wednesday marked up a number of bipartisan bills, including legislation aimed at improving the way the Department of Homeland Security acquires software to bolster security.
The DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), introduced by Rep. Ritchie Torres (D-N.Y.), would require DHS to issue guidance to its contracting professionals across the department to improve their insight into the information and communications technology and services they are acquiring.
The bill requires a bill of materials with each contract and certifications that each item is free from known security vulnerabilities and defects identified by the National Institute of Standards and Technology or in other databases.
If vulnerabilities are identified, the bill requires notification of plans to mitigate or resolve the security issues.