U.S. IoT Cybersecurity Bill Reaches Full Senate
IoT security bills passes.
THE IoT Cybersecurity bill introduced in March passed through the Senate Homeland Security and Governmental Affairs on June 19 and is now headed to the full Senate for a vote. It’s a bill likely to have an impact on electronic security and automation solutions.
The bill was introduced in March and would “require that devices purchased by the U.S. government meet minimum security requirements.”
That version of the bill passed out of the House Committee on Oversight and Reform 2 weeks ago, and the Senate bill now includes vendors as well as devices.
As passed out of the Committee last week, the bill would specifically:
* Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IOT devices.
* Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
* Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
* Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
* Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.