Only YOU can prevent IoT network shutdowns

As tens of billions of additional Internet of Things (IoT) devices are poised to enter the market and infuse our supply chains, on December 4, 2020, President Donald Trump signed the first ever federal law governing IoT devices. The IoT Cybersecurity Improvement Act (the Act) will result in new national rules for federal procurement of IoT devices which, along with California and Oregon’s IoT laws, will likely also help solidify IoT security standards more generally.

The Act builds upon and helps unify the varying cybersecurity standards within federal procurement regulations, including the Defense Federal Acquisition Regulation Supplement (FAR), in order to better secure government networks, infrastructure and systems. More specifically, it will require:

  • The National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to issue recommendations and guidelines addressing security standards;
  • Any IoT device purchased by the federal government to comply with those recommendations; and
  • Contractors and vendors providing information systems to the US government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.

Learn more.

Back to top