After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Special purpose acquisition companies (better known as SPACs) appear to be making a comeback. SPAC offerings for 2025 have already nearly surpassed last year’s totals, with additional transactions in the pipeline. SPACs last experienced a boom between 2020–2021, with approximately 600 U.S. companies raising a record $163 billion in 2021. Notable companies that went public […]
Short Form Merger: Streamlining the Process for Businesses
Merging two companies is a complex legal and business transaction. A short form merger, in which an acquiring company merges with a subsidiary corporation, offers a more streamlined process that involves important corporate governance considerations. A short form merger, in which an acquiring company merges with a subsidiary corporation, offers a more streamlined process. However, […]
Tariff Response Options for Small Businesses Facing Financial Distress
The Trump Administration’s new tariffs are having an oversized impact on small businesses, which already tend to operate on razor thin margins. Many businesses have been forced to raise prices, find new suppliers, lay off staff, and delay growth plans. For businesses facing even more dire financial circumstances, there are additional tariff response options, including […]
Common Causes of Partnership Disputes and How to Resolve Them
Business partnerships, much like marriages, function exceptionally well when partners are aligned but can become challenging when disagreements arise. Partnership disputes often stem from conflicts over business strategy, financial management, and unclear role definitions among partners. Understanding Business Partnership Conflicts Partnership conflicts place significant stress on businesses, making proactive measures essential. Partnerships should establish detailed […]
Businesses Are Facing Financial Headwinds—A Practical Guide
*** The original article was featured on Bloomberg Tax, April 28, 2025 — As a tax attorney who spends much of my time helping people and companies who have large, unresolved issues with the IRS or one or more state tax departments, it often occurs to me that the best service that I can provide […]
President Trump's Termination of Member Gwynne Wilcox
On January 28, 2025, the Trump Administration terminated Gwynne Wilcox from her position as a Member of the National Labor Relations Board (NLRB or the Board). Gwynne Wilcox, a union side lawyer for Levy Ratner, was confirmed to the Board for an original term in 2021 and confirmed again for a successive five-year term expiring […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
