Internet of Things Cybersecurity Improvement Act introduced in US Senate and House of Representatives

The Internet of Things (IoT) Cybersecurity Improvement Act was introduced simultaneously in the US Senate and the House of Representatives. The proposed legislation aims to improve the security of IoT devices purchased by the government. The bill recommends the National Institute of Standards and Technology (NIST) be in charge of issuing periodical recommendations for the federal government concerning cybersecurity, identity management, patching, and configuration management of IoT devices. Vendors that provide IoT devices to the federal government would have to comply with NIST recommendations in the matter (e.g. accepting security patches, changing passwords) and they will have to adopt co-ordinated vulnerability disclosure policies, which means that once a vulnerability is uncovered, that information should be published and disseminated. In addition, the NIST will be in charge of working with cybersecurity experts to address any possible vulnerabilities related to governmental IoT devices.