Internet of Things Cybersecurity Improvement Act of 2019 Bill Introduced in US House

ethics, Federal Government, procurement

Vendors selling internet-of-things (IoT) to the federal government may soon be required to follow certain security guidelines concerning those devices.

House Bill 1668, the Internet of Things Cybersecurity Improvement Act of 2019, introduced into the U.S. House of Representatives on March 11, would require all federal contracts involving the purchase and use of internet-connected devices meet certain security requirements to better ensure these devices are secure against cyber-attacks.

The legislation requires contractors and vendors providing internet-of-things devices to the U.S. government adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.

The bill also requires the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.

Additionally, the legislation directs the Office of Management and Budget (OMB) to issue guidelines for each agency consistent with the NIST recommendations and mandates the OMB with reviewing these policies at least every five years.

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said the bill’s sponsor, Congresswoman Robin Kelly, in her press release.