If passed, the Internet of Things Cybersecurity Improvement Act of 2019, introduced in the Senate and House Monday, would compel the U.S. government to purchase only devices that meet the legislation’s minimum security requirements

“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” said Sen. Mark Warner, the co-chair of the Senate Cybersecurity Caucus, who introduced the bill with co-chair Sen. Cory Gardner, R-Colo., and Sens. Maggie Hassan, D-N.H., and Steve Daines, R-Mon. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”

The bill would require the National Institute of Standards and Technology (NIST) to craft recommendations that address secure development, identity management, patching and configuration management for IoT devices as well as press the Office of Management and Budget (OMB) to come up with agency guidelines based on the NIST guidance. OMB would be required to review agency policies every three years. The government would be restricted to purchasing only those devices that comply with the NIST recommendations.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.