skip to main content

H.R. 1668 (116th): IoT Cybersecurity Improvement Act of 2020

We don’t have a summary available yet.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Dec 14, 2020.

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.