Press "Enter" to skip to content

Looking at the new IoT Security Law

How about IoT and Security.   Highlighting a piece in IoT Business news, which digs into the IoT Cybersecurity Improvement Act of 2020.    The act overs development, management, configuration, and patching of IoT devices.  This law, signed last year, focuses on:

  • Standards and guidelines on use of these devices by the Fed
  • Prohibit use of IoT devices that do not comply with those requirements
  • Require NIST to publish the guidelines
  • And require contractors supplying the devices to the government to adopt vulnerability disclosure policies.

Why do we care?

Sure, the law focuses on the fed, but that’s how the government uses it’s position to make change.  It buys a lot of stuff, and now that stuff has to hit these minimums.

The publishing of the guidelines means providers can use them in their own shops.     Specifically, you should do it for IoT gear, but more broadly, it’s time now to gear up and have a process for incorporating guidelines and regulations into your practice.    You’re going to be doing it a lot more in the coming months, and if you don’t have a system, it’s WAY harder.   

Think agile – start practicing so the muscle gets better and better.  

Source: IoT Business News

Source: Security Magazine