Legislation directing the National Institute of Standards and Technology (“NIST”) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors recently passed the Senate and is heading to the President’s desk. We have been following this legislation closely for the past two years. The bill passed in the Senate without amendment by unanimous consent.

As a recap, should the President sign this legislation, NIST will be tasked with developing standards and guidelines related to the security of IoT devices used by Federal agencies. NIST also will develop guidelines for reporting, sharing, and communicating about identified security vulnerabilities with contractors and subcontractors. Finally, the legislation will prohibit agencies from procuring IoT devices not in compliance with the newly developed NIST standards and guidelines.

What does this mean for you?  This legislation likely will impact most, if not all, organizations in the Internet of Things space – either directly, where an organization provides these devices to the federal government, or indirectly, where an organization may use the NIST standards as a baseline for the security of its devices.