The IoT Cybersecurity Improvement Act Aims to Safeguard U.S. Government’s IoT Devices
There number of Internet of Things (IoT) devices is on track to exceed 21.5 billion by 2025, which will create countless ways for cybercrooks to enter networks and do their worst. With that in mind, the IoT Cybersecurity Act was enacted in the United States last December.
The legislation outlines security requirements that federal devices connected to the Internet of Things need to contain moving forward. Since IoT devices can be particularly vulnerable to cyberattacks, they need to be secure to protect sensitive data. This act reaches beyond government agencies to the manufacturers creating federal IoT devices and any government contractors using IoT devices.
The NIST has a big role in the IoT Cybersecurity Improvement Act. The act requires NIST to create guidelines and standards for managing federal IoT devices by early March 2021, and the organization is still working on the guidance. The guidelines will address the cybersecurity risks that IoT devices might have and to establish minimum security standards every five years to keep up with any new data concerns.
NIST released drafts of the guidelines shortly after the law passed in December 2020, which discussed the proper security requirements for IoT devices. The drafts covered what agencies need to look for to ensure their devices are secure and how manufacturers should configure devices that they make for the federal government.
While the final draft of this guideline is under review, your organization can begin auditing your compliance obligations by reviewing NIST’s draft publications for the IoT Cybersecurity Improvement Act. To best navigate these guidelines, partner with 2W Tech. We’re an IT consultant with decades of experience in compliance regulation, and you can rely on our Cybersecurity Compliance Program to keep you compliant with your industry’s mandates. Contact us today to learn more.