Members of the US Senate and House of Representatives introduced the Internet of Things Cybersecurity Improvement Act
The Internet of Things (IoT) Cybersecurity Improvement Act was introduced simultaneously in the US Senate and the House of Representatives. According to publications in the matter, the proposed legislation aims to improve the security of the IoT devices purchased by the government. The bill recommends for the National Institute of Standards and Technology (NIST) to be in charge of issuing periodical recommendations for the federal government concerning cybersecurity, identity management, patching, and configuration management of IoT devices. Vendors that provide IoT devices to the federal government would have to comply with NIST recommendations in the matter (e.g. accepting security patches, changing passwords) and they will have to adopt coordinated vulnerability disclosure policies, which means that once a vulnerability is uncovered, that information should be published and disseminated. In addition, the NIST will be in charge of working with cybersecurity experts to address any possible vulnerabilities related to governmental IoT devices.