§ 278g–3b. Security standards and guidelines for agencies on use and management of Internet of Things devices
(a) National Institute of Standards and Technology development of standards and guidelines for use of Internet of Things devices by agencies
(1) In general
(2) Consistency with ongoing efforts
The Director of the Institute shall ensure that the standards and guidelines developed under paragraph (1) are consistent with the efforts of the National Institute of Standards and Technology in effect on December 4, 2020
(A) regarding—
(i) examples of possible security vulnerabilities of Internet of Things devices; and
(ii) considerations for managing the security vulnerabilities of Internet of Things devices; and
(B) with respect to the following considerations for Internet of Things devices:
(i) Secure Development.
(ii) Identity management.
(iii) Patching.
(iv) Configuration management.
(3) Considering relevant standards
(b) Review of agency information security policies and principles
(1) Requirement
(2) Review
In reviewing agency information security policies and principles under paragraph (1) and issuing policies and principles under such paragraph, as may be necessary, the Director of OMB shall—
(A) consult with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security; and
(B) ensure such policies and principles are consistent with the information security requirements under subchapter II of chapter 35 of title 44.
(3) National security systems
(c) Quinquennial review and revision
(1) Review and revision of NIST standards and guidelines
Not later than 5 years after the date on which the Director of the Institute publishes the standards and guidelines under subsection (a), and not less frequently than once every 5 years thereafter, the Director of the Institute, shall—
(A) review such standards and guidelines; and
(B) revise such standards and guidelines as appropriate.
(2) Updated OMB policies and principles for agencies
(d) Revision of Federal Acquisition Regulation
(Pub. L. 116–207, § 4, Dec. 4, 2020, 134 Stat. 1002.)