US Senate passes Internet of Things Cybersecurity Improvement Act

The US Senate passed by unanimous consent H.R. 1668, the Internet of Things Cybersecurity Improvement Act. The House had previously passed the bill in September, and it now heads to the president’s desk for his signature. According to the legislation, the National Institute of Standards and Technology (NIST) will be tasked with the following: (1) Issuing recommendations concerning secure development, identity management, patching, and configuration management for IoT devices; (2) requiring any IoT devices purchased by the federal government to comply with those recommendations; (3) publishing guidelines on vulnerability disclosure and remediation for federal information systems; and (4) requiring contractors and vendors providing IoT systems to the government to adopt co-ordinated vulnerability disclosure policies, so that any discovered vulnerabilities will be shared with a vendor for remediation.