After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Non-disclosure agreements (NDAs) remain a critical tool for protecting sensitive business information. However, New York NDA requirements have evolved, and businesses must ensure these agreements are carefully drafted to remain enforceable. In a competitive market like New York City, NDAs are commonly used to protect proprietary information, client relationships, and strategic plans. At the same […]
How Courts Evaluate Testamentary Capacity and Undue Influence Will contests in New Jersey are difficult to win, given the strong presumption that a properly executed will reflects the testator’s intent. However, challenges based on lack of testamentary capacity and undue influence remain common, particularly where there are concerns about mental capacity or the involvement of […]
Bringing on outside investors can provide the capital and strategic support a business needs to grow. However, raising capital also introduces important legal, financial, and operational considerations. Before bringing on investors, businesses should address key legal issues to reduce risk, streamline investor due diligence, and position the company for long-term success. Early preparation signals that […]
How the Updated Law Shapes Retirement and Estate Planning The SECURE 2.0 Act of 2022 materially reshapes the required minimum distribution (RMD) landscape, extending tax deferral opportunities while accelerating distribution requirements for many beneficiaries. For high-net-worth individuals and families, these changes are not merely technical. They require a reassessment of retirement income strategies, beneficiary planning, […]
Buying Commercial Property in New Jersey: Legal Guide for Small Businesses
Small businesses considering buying commercial property in New Jersey must evaluate a range of legal, financial, and operational factors. While ownership can offer long-term value and control, it also introduces significant risks if not properly structured. This guide outlines key considerations to help New Jersey business owners make informed decisions, minimize legal exposure, and successfully […]
The SEC’s Latest Guidance on Applying Federal Securities Laws to Tokenized Securities
On January 28, 2026, staff of the U.S. Securities and Exchange Commission’s Divisions of Corporation Finance, Investment Management, and Trading and Markets issued a joint statement clarifying how existing federal securities laws apply to tokenized securities. The SEC’s “Statement on Tokenized Securities” does not establish new law, but it does provide greater clarity on the […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
