IoT Cybersecurity Bill Advances to Full Senate

IoT Cybersecurity Bill Advances to Full Senate

The IoT Cybersecurity bill, which was introduced in March, passed through the Senate Homeland Security and Governmental Affairs last week and is now headed to the full Senate for a vote.

The Internet of Things Cybersecurity Improvement Act passed through the Senate Homeland Security and Governmental Affairs on June 19 and is now headed to the full Senate for a vote.

The bill was introduced in March and would “require that devices purchased by the U.S. government meet certain minimum security requirements."

That version of the bill passed out of the House Committee on Oversight and Reform two weeks ago, and the Senate bill now includes vendors as well as devices.

As passed out of the Committee last week, the bill would specifically:

  • Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IOT devices.
  • Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
  • Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
  • Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
  • Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

  • Ahead of Current Events Ahead of Current Events

    In this episode, Ralph C. Jensen chats with Dana Barnes, president of global government at Dataminr. We talk about the evolution of Dataminr and how data software benefits business and personnel alike. Dataminr delivers the earliest warnings on high impact events and critical information far in advance of other sources, enabling faster response, more effective risk mitigation for both public and private sector organizations. Barnes recites Dataminr history and how their platform works. With so much emphasis on cybersecurity, Barnes goes into detail about his cybersecurity background and the measures Dataminr takes to ensure safe and secure implementation.

Digital Edition

  • Security Today Magazine - November December 2022

    November / December 2022

    Featuring:

    • Key Tech Trend
    • Is Your Access Control System Cyber Secure?
    • Constantly Evolving
    • The Talent Shortage
    • Looking Forward to 2023

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Spaces4Learning
  • Campus Security & Life Safety