12/04/2020 Became Public Law No: 116-207. (All Actions)
Tracker:
This bill has the status Became Law
Here are the steps for Status of Legislation:
Introduced
Array
(
[actionDate] => 2020-09-14
[displayText] => Reported (Amended) by the Committee on Oversight and Reform. H. Rept. 116-501, Part I.
[externalActionCode] => 5000
[description] => Introduced
[chamberOfAction] => House
)
Passed House
Array
(
[actionDate] => 2020-09-14
[displayText] => Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
[externalActionCode] => 8000
[description] => Passed House
[chamberOfAction] => House
)
Passed Senate
Array
(
[actionDate] => 2020-11-17
[displayText] => Passed/agreed to in Senate: Passed Senate without amendment by Unanimous Consent.(consideration: CR S7043-7044)
[externalActionCode] => 17000
[description] => Passed Senate
[chamberOfAction] => Senate
)
To President
Array
(
[actionDate] => 2020-11-24
[displayText] => Presented to President.
[externalActionCode] => 28000
[description] => To President
[chamberOfAction] =>
)
Became Law
Array
(
[actionDate] => 2020-12-04
[displayText] => Became Public Law No: 116-207.
[externalActionCode] => 36000
[description] => Became Law
[chamberOfAction] =>
)
Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020
This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.
Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.
The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.
NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.
NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.
The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.
An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.
The Government Accountability Office shall report to Congress on broader IoT efforts.
