The US Government Finally Gets Serious About IoT Security

An anonymous reader quotes a report from IEEE Spectrum, written by Stacey Higginbotham:. The IoT Cybersecurity Improvement Act of 2020 has given the nation an excellent framework that will influence IoT security across the world. So, what's to like about the law? Two things, as it turns out. First, the law isn't focused on securing individual devices by dictating password requirements or encryption standards, both of which will need to evolve. Instead, it relies on the National Institute of Standards and Technology (NIST) to set many of the requirements that government agencies have to follow when purchasing connected devices. These policies see overall security as the sum of several parts, requiring specific prescriptions for device, cloud, and communication security.