Security standards and guidelines for agencies on use and management of Internet of Things devices

15 U.S. Code § 278g-3b. Security standards and guidelines for agencies on use and management of Internet of Things devices

(a) National Institute of Standards and Technology development of standards and guidelines for use of Internet of Things devices by agencies
(1) In general
Not later than 90 days after December 4, 2020, the Director of the Institute shall develop and publish under section 278g–3 of this title standards and guidelines for the Federal Government on the appropriate use and management by agencies of Internet of Things devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.
(2) Consistency with ongoing effortsThe Director of the Institute shall ensure that the standards and guidelines developed under paragraph (1) are consistent with the efforts of the National Institute of Standards and Technology in effect on December 4, 2020
(A) regarding—
(i)
examples of possible security vulnerabilities of Internet of Things devices; and
(ii)
considerations for managing the security vulnerabilities of Internet of Things devices; and
(B) with respect to the following considerations for Internet of Things devices:
(i)
Secure Development.
(ii)
Identity management.
(iii)
Patching.
(iv)
Configuration management.
This document is only available to subscribers. Please log in or purchase access.