The Senate passed by unanimous consent legislation last week to mandate certain security requirements for internet of things devices purchased by the federal government, moving forward legislation that had been stalled on Capitol Hill since 2017.
If signed into law by the president, the bill will task the National Institute of Standards and Technology with issuing recommendations for secure development, identity management, patching and configuration management for IoT devices. The Office of Management and Budget would be required to issue guidelines to federal agencies that are consistent with NIST’s recommendations.
Why do we care?
NIST is a capable organization to manage these regulations, and if you’re not already embracing their frameworks, get moving. This is a non-controversial law, and so there’s little reason to think it won’t be signed by the President.
Sure, its just government used devices… but that is how the power of the government is used. It doesn’t make much sense to build two devices, so this will begin to become to defacto standard.
We’re now watching for the project to take shape.