After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Why Compliance Monitoring Matters for NY and NJ Businesses
Compliance programs are no longer judged by how they look on paper, but by how they function in the real world. Compliance monitoring is the ongoing process of reviewing, testing, and evaluating whether policies, procedures, and controls are being followed—and whether they are actually working. What Is Compliance Monitoring? In today’s heightened regulatory environment, compliance […]
When Are New Jersey Business Owners Personally Liable for Corporate Debt?
New Jersey personal guaranty liability is a critical issue for business owners who regularly sign contracts on behalf of their companies. A recent New Jersey Supreme Court decision provides valuable guidance on when a business owner can be held personally responsible for a company’s debt. Under the Court’s decision in Extech Building Materials, Inc. v. […]
Commercial real estate trends in 2026 are being shaped by shifting economic conditions, technological innovation, and evolving tenant demands. As the market adjusts to changing interest rates, capital flows, and workplace models, investors, owners, tenants, and developers must understand how these trends are influencing opportunities and risk in the year ahead. Overall Outlook for Commercial […]
One Big Beautiful Bill: New Tip Income Tax Rules Employers & Workers Need to Know
Part 2 – Tips Excluded from Income Certain employees and independent contractors may be eligible to deduct tips from their income for tax years 2025 through 2028 under provisions included in the One Big Beautiful Bill. The deduction is capped at $25,000 per year and begins to phase out at $150,000 of modified adjusted gross […]
One Big Beautiful Bill: New Overtime Tax Rules Employers and Employees Need to Know
Part 1 – Overtime Pay and Income Tax Treatment Overview This Firm Insights post summarizes one provision of the “One Big Beautiful Bill” related to the tax treatment of overtime compensation and related employer wage reporting obligations. Overtime Pay and Employee Tax Treatment The Fair Labor Standards Act (FLSA) generally requires that overtime be paid […]
New York’s FAIR Business Practices Act: What the New Consumer Protection Measure Means for Your Business
In 2025, New York enacted one of the most consequential updates to its consumer protection framework in decades. The Fostering Affordability and Integrity through Reasonable Business Practices Act (FAIR Act) significantly expands the scope and strength of New York’s long-standing consumer protection statute, General Business Law § 349, and alters the compliance landscape for New York […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
