U.S. SENATE – U.S. Senator Steve Daines announced that his bipartisan bill requiring commonsense cybersecurity standards for internet-connected devices bought by the U.S. government has been signed into law by President Trump.
“After years of bipartisan work and strong support, my commonsense bill to increase cybersecurity standards for internet-connected devices has been signed into law,” Daines said. “As more and more products have internet connectivity, we must guarantee we have basic safeguards and protections in place to ensure our national security is safe from cyber threats.”
Specifically, the “Internet of Things (IoT) Cybersecurity Improvement Act” would:
· Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
· Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
· Require any IoT devices purchased by the federal government to comply with those recommendations.
· Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
· Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, it can be effectively shared with a vendor for remediation.