Ask AI
Public Law116th CongressGovernment Operations and Politics
H.R. 1668Became Law

IoT Cybersecurity Improvement Act of 2020

This bill became law

Filed
Comm.
Floor
Both
Law

What it doesSummary public law (Dec 4, 2020)

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.

What just happenedDec 4, 2020

Became Public Law No: 116-207.

Who’s behind it

Rep. Kelly, Robin L. [D-IL-2](D-IL)Sponsor
26 cosponsors14 D12 R
Read on Congress.gov
26cosponsors2committees29actions1related bills9subjects
  1. Dec 4, 2020President

    Became Public Law No: 116-207.

  2. Dec 4, 2020BecameLaw36000

    Became Public Law No: 116-207.

  3. Dec 4, 2020President

    Signed by President.

  4. Dec 4, 2020BecameLaw36000

    Signed by President.

  5. Nov 24, 2020Floor

    Presented to President.

  6. Nov 24, 2020President28000

    Presented to President.

  7. Nov 18, 2020Floor

    Message on Senate action sent to the House.

  8. Nov 17, 2020Floor

    Passed Senate without amendment by Unanimous Consent. (consideration: CR S7043-7044)

  9. Nov 17, 2020Floor17000

    Passed/agreed to in Senate: Passed Senate without amendment by Unanimous Consent.(consideration: CR S7043-7044)

  10. Sep 15, 2020IntroReferral

    Received in the Senate, read twice.

  11. Sep 14, 2020FloorH38800

    The title of the measure was amended. Agreed to without objection.

  12. Sep 14, 2020FloorH38310

    Motion to reconsider laid on the table Agreed to without objection.

  13. Sep 14, 2020FloorH37300

    On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4351-4352)

  14. Sep 14, 2020Floor8000

    Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.

  15. Sep 14, 2020FloorH8D000

    DEBATE - The House proceeded with forty minutes of debate on H.R. 1668.

  16. Sep 14, 2020FloorH30000

    Considered under suspension of the rules. (consideration: CR H4351-4354)

  17. Sep 14, 2020FloorH30300

    Mrs. Maloney, Carolyn B. moved to suspend the rules and pass the bill, as amended.

  18. Sep 14, 2020CalendarsH12410

    Placed on the Union Calendar, Calendar No. 402.

  19. Sep 14, 2020DischargeH12300

    Committee on Science, Space, and Technology discharged.

    Science, Space, and Technology Committee
  20. Sep 14, 2020Committee5500

    Committee on Science, Space, and Technology discharged.

    Science, Space, and Technology Committee
  21. Sep 14, 2020CommitteeH12200

    Reported (Amended) by the Committee on Oversight and Reform. H. Rept. 116-501, Part I.

    Oversight and Accountability Committee
  22. Sep 14, 2020Committee5000

    Reported (Amended) by the Committee on Oversight and Reform. H. Rept. 116-501, Part I.

    Oversight and Accountability Committee
  23. Jun 12, 2019Committee

    Ordered to be Reported in the Nature of a Substitute by Voice Vote.

    Oversight and Accountability Committee
  24. Jun 12, 2019Committee

    Committee Consideration and Mark-up Session Held.

    Oversight and Accountability Committee
  25. Mar 11, 2019Committee

    Referred to the Subcommittee on Research and Technology.

    Research and Technology Subcommittee
  26. Mar 11, 2019IntroReferralH11100

    Referred to the Committee on Oversight and Reform, and in addition to the Committee on Science, Space, and Technology, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.

    Science, Space, and Technology Committee
  27. Mar 11, 2019IntroReferralH11100

    Referred to the Committee on Oversight and Reform, and in addition to the Committee on Science, Space, and Technology, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.

    Oversight and Accountability Committee
  28. Mar 11, 2019IntroReferralIntro-H

    Introduced in House

  29. Mar 11, 2019IntroReferral1000

    Introduced in House

Public LawDec 4, 202049

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.

Passed SenateNov 17, 202055

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.

Passed HouseSep 14, 202053

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.

Introduced in HouseMar 11, 2019

Internet of Things Cybersecurity Improvement Act of 2019 or the IoT Cybersecurity Improvement Act of 2019

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

The bill establishes September 30, 2019, as the deadline for the completion of NIST's efforts regarding considerations for managing IoT cybersecurity risks, especially regarding examples of possible cybersecurity capabilities of IoT devices. By March 31, 2020, NIST must develop recommendations for the appropriate use and management of IoT devices owned or controlled by the government, including minimum information security requirements for managing cybersecurity risks.

The OMB shall then issue guidelines for each agency that are consistent with such recommendations.

NIST and the OMB shall publish guidance on policies and procedures for the reporting, coordinating, publishing, and receiving of information about a security vulnerability relating to an IoT device used by the government and the resolution of such security vulnerability.

IoT Cybersecurity Improvement Act of 2020 — Informed