US Congress Passes an IoT Security Bill 'That Doesn't Totally Suck

Shotgun (Slashdot reader #30,919) shared these thoughts from The Register:Every now and again the U.S. Congress manages to do its job and yesterday was one of those days: the Senate passed a new IoT cybersecurity piece of legislation that the House also approved, and it will now move to the President's desk. As we noted back in March when the IoT Cybersecurity Improvement Act was introduced, the law bill is actually pretty good: it asks America's National Institute of Standards and Technology (NIST) to come up with guidelines for Internet-of-Things devices and would require any federal agency to only buy products from companies that met the new rules. It gives a minimum list of considerations to be covered: secure code, identity management, patching and configuration management. It also requires the General Services Administrationthe arm of the federal government that sources products and comms for federal agenciesto come up with guidelines that would require each agency to report and publish details of security vulnerabilities, and how they resolved them, and coordinate with other agencies. Industry has also got behind the effortSymantec, Mozilla, BSA The Software Alliance (which includes Apple, Microsoft, IBM, Cloudflare, the CTIA and others)and Congress has managed to keep its fingers out of things it knows nothing about by leaving the production of standards with the experts, using federal procurement to create a de facto industry standard. Though it will still be legal sell insecure IoT devices, "for those looking for good, secure products, there will be a baseline standard across the industry..." the article concludes. "[T]his is an essential first step to getting secure IoT in place."Read more of this story at Slashdot.
Click here to read full news..