Don't be too shocked, but it looks as though these politicians have actually got their act together on IoT security

www.theregister.co.uk | 3/31/2020 | Staff

Analysis In an all-too-rare sign of Congress doing its job, on Wednesday US lawmakers introduced a new bill aimed at improving the security of the internet-of-things.

The legislation has been introduced into both the House and the Senate with politicians from both sides supporting it. What's more, the Internet of Things (IoT) Cybersecurity Improvement Act has the backing of industry and security experts and is well written.

In essence, the proposed law would require America's National Institute of Standards and Technology (NIST) to come up with guidelines for IoT devices and would require any federal agency to only buy products from companies that met those guidelines.

This puts the issue of what actual standards are introduced into the hands of the experts, and uses the power of federal procurement to create a de facto industry standard. Companies will still be able to create insecure products and market them to the general public, but they would be competing with existing products that can advertise their standard-readiness.

The law even provides realistic but firm deadlines on progress: NIST would be required to give a framework by September 30 and formal recommendations by March 31, 2020. The rules would have to be reviewed and revised every five years.

And in a further sign that Congressmen have actually been listening to people who know what they're talking about, the law gives a minimum list of considerations to be covered by NIST: secure development, identity management, patching and configuration management.

And the law would require the General Services Administration – the arm of the federal government that sources products and comms for federal agencies – to come up with guidelines that would require each agency to report and publish details of security vulnerabilities, and how they resolved them, and coordinate with other agencies.

It's perhaps no wonder then that respected names...
(Excerpt) Read more at: www.theregister.co.uk