Skip to main content
HR 1668 116th Congress House Government Operations and Politics Administrative law and regulatory procedures Computer security and identity theft Computers and information technology Government information and archives Government studies and investigations Internet and video services Internet, web applications, social media Office of Management and Budget (OMB) Public contracts and procurement

IoT Cybersecurity Improvement Act of 2020

Introduced: March 11, 2019 Introduced by: Kelly, Robin L. Democratic · Illinois See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 22 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Dec 4, 2020
Became Public Law No: 116-207.
Dec 4, 2020
Signed by President.
Nov 24, 2020
Presented to President.
Nov 18, 2020
Message on Senate action sent to the House.
Nov 17, 2020
Passed Senate without amendment by Unanimous Consent. (consideration: CR S7043-7044)
Nov 17, 2020
Passed/agreed to in Senate: Passed Senate without amendment by Unanimous Consent.(consideration: CR S7043-7044)
Sep 15, 2020
Received in the Senate, read twice.
Sep 14, 2020
The title of the measure was amended. Agreed to without objection.
Sep 14, 2020
Motion to reconsider laid on the table Agreed to without objection.
Sep 14, 2020
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4351-4352)
Sep 14, 2020
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
Sep 14, 2020
DEBATE - The House proceeded with forty minutes of debate on H.R. 1668.
Sep 14, 2020
Considered under suspension of the rules. (consideration: CR H4351-4354)
Sep 14, 2020
Mrs. Maloney, Carolyn B. moved to suspend the rules and pass the bill, as amended.
Sep 14, 2020
Placed on the Union Calendar, Calendar No. 402.
Sep 14, 2020
Committee on Science, Space, and Technology discharged.
Sep 14, 2020
Reported (Amended) by the Committee on Oversight and Reform. H. Rept. 116-501, Part I.
Jun 12, 2019
Ordered to be Reported in the Nature of a Substitute by Voice Vote.
Jun 12, 2019
Committee Consideration and Mark-up Session Held.
Mar 11, 2019
Referred to the Subcommittee on Research and Technology.
Mar 11, 2019
Referred to the Committee on Oversight and Reform, and in addition to the Committee on Science, Space, and Technology, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Mar 11, 2019
Introduced in House
 Plain-English summary Congressional Research Service

Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020

This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects.

Specifically, the bill requires NIST to develop and publish standards and guidelines for the federal government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.

The bill requires the OMB to review agency information security policies and principles on the basis of the NIST standards and guidelines and issue such policies and principles as necessary to ensure the agency policies and principles are consistent with the NIST standards and guidelines.

NIST shall review and revise, as appropriate, the standards and guidelines every five years. The OMB shall update any policy or principle to be consistent with NIST revisions.

NIST shall develop and publish guidelines for agency, contractor, and subcontractor communications regarding security vulnerabilities.

The OMB shall develop and oversee the implementation of policies, principles, standards, or guidelines as necessary to address security vulnerabilities of information systems.

An agency is prohibited from procuring, obtaining, or using an IoT device if the agency determines during a review of a contract that the use of such device prevents compliance with the standards and guidelines, subject to a waiver where necessary for national security, for research purposes, or where such device is secured using alternative effective methods.

The Government Accountability Office shall report to Congress on broader IoT efforts.

What's happening now December 4, 2020

Became Public Law No: 116-207.

 Committees of jurisdiction 3
 Cosponsors 14
All 14 Democratic 9 Republican 5