Skip to main content

About Our Council

Team and Leadership

2.17 Internet of Things Cybersecurity Improvement Act of 2020

Enacted in 2020 to establish minimum security standards for [Internet of Things (IoT)] devices owned and controlled by the federal government. This law gives authority to the CIO to prohibit the head of any agency from “procuring or obtaining, renewing a contract to procure or obtain, or using an [IoT] device” if they find through a mandatory review process that the use of the device prevents compliance with NIST standards and guidelines.

The CIO can waive this requirement only if:

  • the waiver is necessary in the interest of national security;
  • procuring, obtaining, or using such device is necessary for research purposes; or
  • such device is secured using alternative and effective methods appropriate to the function of such device. ( Public Law 116-207. IoT CyberSecurity Improvement Act of 2020.)

CIO.gov

An Official website of the Federal Government

Looking for U.S. government information and services?
Visit USA.gov