Congress is making its third attempt to mandate minimum security standards for IoT devices with The Internet of Things (IoT) Cybersecurity Improvement Act of 2019. This bill would create recommendations for IoT security and regularly reviewed, agency-specific IoT guidelines, as well as restricting federal purchasing to devices that comply with those requirements. In addition, the bill would require the government to work with cybersecurity researchers to create processes for all agencies to identify and mitigate IoT vulnerabilities, as well as requiring any contractors and vendors that sell IoT devices to federal customers to develop shared disclosure policies to better disseminate information about vulnerabilities.
Although the bipartisan bill would only apply to IoT-related devices procured by the U.S. government, Xantrion assumes any vendors hoping for government contracts would adhere to the bill’s requirements for all of their products.
We applaud this proposed legislation and California’s proposed IoT security regulations as steps toward a safer cyber world! Make sure you’re ahead of IoT legislation by checking out our managed security offering or contacting us.