October 24, 2020

Volume X, Number 298

Advertisement

October 23, 2020

Subscribe to Latest Legal News and Analysis

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

IoT Legislation Advances in Congress

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.

Should this legislation become law, NIST will be tasked with developing standards and guidelines within 90 days of enactment on the security of IoT devices owned or controlled by a federal agency, or connected to information systems owned or controlled by an agency. These standards and guidelines are to be developed consistent with other NIST efforts regarding IoT devices, with a particular focus on secure development, identity management, patching and configuration management.

Within 180 days after enactment NIST also is to develop guidelines for reporting, coordinating, publishing, and receiving information about security vulnerabilities relating to agency information systems and for communicating about security vulnerabilities with contractors and subcontractors who provide information systems to an agency. This will apply to any federal government contractor or vendor.

Following these initial standards and guidelines, the Director of the Office of Management and Budget (“OMB”) then is tasked with issuing policies and principles consistent with such standards and guidelines. Within another two years from enactment, the Director of OMB is required to develop and oversee the implementation of policies, principles, standards, or guidelines to address security vulnerabilities of information systems (including IoT devices).

Finally, if passed, the legislation will prohibit an agency from procuring or using IoT devices that are not in compliance with the standards and guidelines developed by NIST, and the Federal Acquisition Regulation (“FAR”) will be revised as necessary to implement the standards and guidelines.

What does this mean for you? As we mentioned when this legislation first was proposed, this legislation likely will impact most, if not all, organizations in the Internet of Things space – either directly, where an organization provides these devices to the federal government, or indirectly, where an organization may use the NIST standards as a baseline for the security of its devices.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 273
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Elfin Noce Business Trial Attorney
Associate

Elfin L. Noce is an Associate in the Business Trial Practice Group in the firm's Washington, D.C. office.

Practices

  • Litigation

Industries

  • Communications

Education

  • J.D., University of Missouri, Columbia, 2005

  • B.A., Truman State University, 2000

Admissions

  • *Not admitted in District of Columbia; supervised by partners of the firm

  • Missouri

202.747.2196
Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm
Associate

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a wide variety of matters relating to government contracts, including contract administration, procurement integrity, the FAR Mandatory Disclosure Rule, and GSA’s Multiple Award Schedule (MAS) Program.  In addition to her practice, Ms. Bourne writes frequently on legal and regulatory developments affecting the Government Contracts industry.

202-469-4917
Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney
Partner

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...

202-747-1920
Advertisement
Advertisement