CBO Scores Cyber Vulnerability Disclosure Reporting Act

The Cyber Vulnerability Disclosure Reporting Act (HR 3202) would require the Department of Homeland Security (DHS), within 240 days of the bill’s enactment, to submit a report to the Congress describing the policies and procedures used to coordinate the sharing of information on cyber vulnerabilities with businesses and other relevant entities. The report also would describe how those policies and procedures were used to disclose such vulnerabilities over the past year and, if available, how recipients of those disclosures acted upon the information.

Based on an analysis of information from DHS, CBO estimates that implementing the bill would cost less than $500,000 over the 2018-2022 period; such spending would be subject to the availability of appropriated funds. Enacting H.R. 3202 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply. CBO estimates that enacting H.R. 3202 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2028.