On August 1, 2017, the Senate Cybersecurity Caucus introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017,” bipartisan legislation focused on establishing minimum security requirements for the federal procurement of Internet-connected devices (IoT).
The legislation is directed at vendors who supply IoT devices to the federal government. It requires that such products be patchable and conform to industry standards as established by NIST, and it prohibits those that have hard-coded / unchangeable passwords or known security vulnerabilities unless these deficiencies can be addressed by other compensating controls. It also seeks to establish certain protocols and protections for security researchers who are researching in good faith.
Here is a link to the Bill and Fact Sheet. Companion legislation is expected to be introduced shortly by the House Cybersecurity Caucus.
Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.