Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

IoT Legislation Advances in Congress

By Elfin Noce, Jonathan E. Meyer & Townsend Bourne
September 29, 2020
EmailTweetLikeLinkedIn
GovCon-Blog-Image-Cyber-Security-1-660x283

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.

Should this legislation become law, NIST will be tasked with developing standards and guidelines within 90 days of enactment on the security of IoT devices owned or controlled by a federal agency, or connected to information systems owned or controlled by an agency. These standards and guidelines are to be developed consistent with other NIST efforts regarding IoT devices, with a particular focus on secure development, identity management, patching and configuration management.

Within 180 days after enactment NIST also is to develop guidelines for reporting, coordinating, publishing, and receiving information about security vulnerabilities relating to agency information systems and for communicating about security vulnerabilities with contractors and subcontractors who provide information systems to an agency. This will apply to any federal government contractor or vendor.

Following these initial standards and guidelines, the Director of the Office of Management and Budget (“OMB”) then is tasked with issuing policies and principles consistent with such standards and guidelines. Within another two years from enactment, the Director of OMB is required to develop and oversee the implementation of policies, principles, standards, or guidelines to address security vulnerabilities of information systems (including IoT devices).

Finally, if passed, the legislation will prohibit an agency from procuring or using IoT devices that are not in compliance with the standards and guidelines developed by NIST, and the Federal Acquisition Regulation (“FAR”) will be revised as necessary to implement the standards and guidelines.

What does this mean for you? As we mentioned when this legislation first was proposed, this legislation likely will impact most, if not all, organizations in the Internet of Things space – either directly, where an organization provides these devices to the federal government, or indirectly, where an organization may use the NIST standards as a baseline for the security of its devices.

We will continue to pay close attention to developments regarding this legislation in the Senate and provide updates as they occur.

Photo of Elfin Noce Elfin Noce

Elfin Noce is an associate in the Business Trial Practice Group in the firm’s Washington, D.C. office. He also is a member of the Privacy and Cybersecurity Team.

Read more about Elfin NoceEmail
Photo of Jonathan E. Meyer Jonathan E. Meyer

Jonathan Meyer is a partner in the Government Contracts, Investigations and International Trade Practice Group in the firm’s Washington, D.C. office.

Read more about Jonathan E. MeyerEmail
Photo of Townsend Bourne Townsend Bourne

Townsend Bourne is a partner in the Government Contracts, Investigations and International Trade Practice Group in the firm’s Washington, D.C. office. She also is Leader of the firm’s Aerospace, Defense & Government Services Team.

Read more about Townsend BourneEmail
  • Posted in:
    Administrative
  • Blog:
    Government Contracts & Investigations Blog
  • Organization:
    Sheppard, Mullin, Richter & Hampton LLP
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • The Law of Order
  • The HB Blog
  • The Tax Trotter
  • The Westchester Litigator
  • Data Privacy + Cybersecurity Insider
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog