US IoT Improvement Act Becomes Law

Dec 17, 2020

After passing the House and Senate, H.R. 1668 or the IoT Cybersecurity Improvement Act of 2020 was signed by US President Donald Trump last December 4, 2020. The law requires federal agencies to have cybersecurity requirements to all controlled and owned IoT devices.

The bill had 26 co-sponsors with an almost equal number of Democrats and Republicans backing it. The IoXT Alliance was also involved in giving industry-input to develop the legislation.

Under the new law, the National Institute of Standards and Technology (NIST) must release standards and guidelines for federal agencies on the use of IoT devices. NIST must also take into account relevant best practices developed by agencies, the private sectors, and public-private collaborations. In addition, NIST is required to parent with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) in releasing guidelines on security vulnerability

Moreover, the IoT Cybersecurity Improvement Act directs the Management and Budget (OMB) to create guidelines for every agency. Such guidelines must be in line with recommendations from the NIST.

Under the new law, the National Institute of Standards and Technology (NIST) must release standards and guidelines for federal agencies on the use of IoT devices. NIST must also take into account relevant best practices developed by agencies, the private sectors, and public-private collaborations. In addition, NIST is required to parent with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) in releasing guidelines on security vulnerability.

Moreover, the IoT Cybersecurity Improvement Act directs the Management and Budget (OMB) to create guidelines for every agency. Such guidelines must be in line with recommendations from the NIST. The law also requires IoT devices owned by the federal government to adhere to the NIST-issued guidelines. Lastly, contractors must comply with NIST standards. Agencies must determine such compliance before awarding a contract to obtain any IoT device from a contractor.

After 90 days since the passing of the bill, NIST must publish the minimum security requirements to be used by federal agencies in addressing risks related to IoT devices. Once completed, the director of the Office of Management and Budget (OMB) will review the guideline and consult with the director of the Cybersecurity and Infrastructure Security Agency.

In September 2020, the Government Accountability Office reported that 56 out of 80 agencies use IoT to track asset, monitor, and access control. The growing need for IoT devices means a robust cybersecurity law such as the IoT Cybersecurity Improvement Act of 2020 is needed to mitigate the risk of cyber attacks and threats.

Cybersecurity plays a central part in securing government information. It is also vital that it doesn’t compromise user productivity in the process. To learn more about cybersecurity for government and why it matters, click here.

Author: Ericka Pingol


This website uses cookies for website functionality, traffic analytics, personalization, social media functionality, and advertising. By continuing to browse, you agree to our use of cookies.
Continue
Learn moreprivacy policy