May 23, 2022

Volume XII, Number 143


May 20, 2022

Subscribe to Latest Legal News and Analysis

IoT Legislation Advances in Congress

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.

Should this legislation become law, NIST will be tasked with developing standards and guidelines within 90 days of enactment on the security of IoT devices owned or controlled by a federal agency, or connected to information systems owned or controlled by an agency. These standards and guidelines are to be developed consistent with other NIST efforts regarding IoT devices, with a particular focus on secure development, identity management, patching and configuration management.

Within 180 days after enactment NIST also is to develop guidelines for reporting, coordinating, publishing, and receiving information about security vulnerabilities relating to agency information systems and for communicating about security vulnerabilities with contractors and subcontractors who provide information systems to an agency. This will apply to any federal government contractor or vendor.

Following these initial standards and guidelines, the Director of the Office of Management and Budget (“OMB”) then is tasked with issuing policies and principles consistent with such standards and guidelines. Within another two years from enactment, the Director of OMB is required to develop and oversee the implementation of policies, principles, standards, or guidelines to address security vulnerabilities of information systems (including IoT devices).

Finally, if passed, the legislation will prohibit an agency from procuring or using IoT devices that are not in compliance with the standards and guidelines developed by NIST, and the Federal Acquisition Regulation (“FAR”) will be revised as necessary to implement the standards and guidelines.

What does this mean for you? As we mentioned when this legislation first was proposed, this legislation likely will impact most, if not all, organizations in the Internet of Things space – either directly, where an organization provides these devices to the federal government, or indirectly, where an organization may use the NIST standards as a baseline for the security of its devices.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 273

About this Author

Elfin Noce Business Trial Attorney

Elfin L. Noce is an Associate in the Business Trial Practice Group in the firm's Washington, D.C. office.


  • Litigation


  • Communications


  • J.D., University of Missouri, Columbia, 2005

  • B.A., Truman State University, 2000


  • *Not admitted in District of Columbia; supervised by partners of the firm

  • Missouri

Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a...

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...