The United States Congress enacted the Internet of Things Cybersecurity Improvement Act of 2020, establishing minimum security standards for Internet of Things ("IoT") devices owned or controlled by the U.S. Federal Government.
The Act directed the National Institute of Standards and Technology (NIST) to establish standards and guidelines for the Federal Government on federal agencies' use and management of IoT devices that connect to information systems owned or controlled by an agency. These standards would include minimum information security requirements for managing cybersecurity risks and any security vulnerabilities associated with such devices.
Once the standards are issued, NIST would conduct a review of the Government agencies' compliance with the standards. The standards would also be reviewed for necessary updates or revisions every 5 years.
The Act also prohibits a Government agency from procuring or obtaining an Internet of Things device, and from renewing a contract to procure, obtain or use such devices, if the use of such devices prevents compliance with the standards and guidelines established by NIST. The Act provides several exceptions to this prohibition: where the use of such a device is necessary in the interest of national security, where it is for research purposes, or where the device is secured using alternative and effective methods appropriate to the functioning of the device.
The Act is now pending the President's signature into law.