Number: 116-19 Date: September 22, 2020
House Passes H.R. 1668, the"Internet of Things (IoT) Cybersecurity Improvement Act of 2020"
On September 14, 2020, the House passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, with amendments by voice vote on motion to suspend the rules. The legislation would require the National Institute of Standards and Technology (NIST) to develop and publish standards and guidelines for Federal Government use and management of IoT devices1. The bill now moves to the Senate for action.
H.R. 1668 includes the following provisions of interest to SSA:
Section. 4. Security Standards and Guidelines for Agencies on Use and Management of Internet of Things Devices.
Section. 5. Guidelines on the Disclosure Process for Security Vulnerabilities Relating to Information System, Including Internet of Things Devices.
Section. 6. Implementation of Coordinated Disclosure of Security Vulnerabilities Relating to Agency Information Systems, Including Internet of Things Devices.
Section. 7. Contractor Compliance with Coordinated Disclosure of Security Vulnerabilities Relating to Agency Internet of Things Devices.
Unless otherwise stated, the provisions in this Act would be effective upon enactment.https://www.ssa.gov/legislation/legis_bulletin_092220.html
1Per NIST Internal Report 8259 page iv, IoT devices are not conventional Information Technology devices, such as smartphones and laptops, for which cybersecurity features are already understood. They are devices that interact directly with the physical world and can function on their own, not only as a component of another devise.