IoT Cybersecurity Improvement Act of 2017 proposed by Senate Cybersecurity Caucus

On August 1, 2017, the Senate Cybersecurity Caucus introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017,” bi-partisan legislation focused on establishing minimum security requirements for the federal procurement of Internet connected devices (#IoT).

The legislation is directed at vendors who supply IoT devices to the federal government. It requires that such products are patchable and conform to industry standards as established by NIST and prohibits those that have hard coded / unchangeable passwords or known security vulnerabilities unless these deficiencies can be addressed by other compensating controls. It also seeks to establish certain protocols and protections for security researchers who are researching in good faith.

Here is a link to the Bill and Fact Sheet. Companion legislation is expected to be introduced shortly by the House Cybersecurity Caucus.


Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s