BAG19157 S.L.C.
116
TH
CONGRESS 1
ST
S
ESSION
S.
ll
To leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices, and for other purposes.
IN THE SENATE OF THE UNITED STATES
llllllllll
Mr. W
ARNER
(for himself, Mr. G
ARDNER
, Ms. H
ASSAN
, and Mr. D
AINES
) in-troduced the following bill; which was read twice and referred to the Com-mittee on
llllllllll
A BILL
To leverage Federal Government procurement power to en-courage increased cybersecurity for Internet of Things devices, and for other purposes.
Be it enacted by the Senate and House of Representa-
1
tives of the United States of America in Congress assembled,
2
SECTION 1. SHORT TITLE.
3
This Act may be cited as the ‘‘Internet of Things Cy-
4
bersecurity Improvement Act of 2019’’ or the ‘‘IoT Cyber-
5
security Improvement Act of 2019’’.
6
SEC. 2. DEFINITIONS.
7
In this Act:
8
2
BAG19157 S.L.C.
(1) A
GENCY
.—The term ‘‘agency’’ has the
1
meaning given such term in section 3502 of title 44,
2
United States Code.
3
(2) C
OVERED DEVICE
.—
4
(A) I
N GENERAL
.—The term ‘‘covered
5
device’’means a physical object that—
6
(i) is capable of connecting to and is
7
in regular connection with the Internet;
8
(ii) has computer processing capabili-
9
ties that can collect, send, or receive data;
10
and
11
(iii) is not a general-purpose com-
12
puting device, including personal com-
13
puting systems, smart mobile communica-
14
tions devices, programmable logic controls,
15
and mainframe computing systems.
16
(B) M
ODIFICATION OF DEFINITION
.—The
17
Director of the Office of Management and
18
Budget shall establish a process by which—
19
(i) interested parties may petition for
20
a device that is not described in subpara-
21
graph (A) to be considered a device that is
22
not a covered device; and
23
3
BAG19157 S.L.C.
(ii) the Director acts upon any peti-
1
tion submitted under clause (i) in a timely
2
manner.
3
(3) S
ECURITY VULNERABILITY
.—The term ‘‘se-
4
curity vulnerability’’ means any attribute of hard-
5
ware, firmware, software, or combination of 2 or
6
more of these factors that could enable the com-
7
promise of the confidentiality, integrity, or avail-
8
ability of an information system or its information
9
or physical devices to which it is connected.
10
SEC. 3. NATIONAL INSTITUTE OF STANDARDS AND TECH-
11
NOLOGY CONSIDERATIONS AND REC-
12
OMMENDATIONS REGARDING MANAGING
13
INTERNET OF THINGS CYBERSECURITY
14
RISKS.
15
(a) C
OMPLETION OF
O
NGOING
E
FFORTS
R
ELATING
16
TO
C
ONSIDERATIONS FOR
M
ANAGING
I
NTERNET OF
17
T
HINGS
C
YBERSECURITY
R
ISKS
.—
18
(1) I
N GENERAL
.—The Director of the National
19
Institute of Standards and Technology shall ensure
20
that the efforts of the Institute in effect on the date
21
of the enactment of this Act regarding consider-
22
ations for managing Internet of Things cybersecurity
23
risks, especially regarding examples of possible cy-
24
Reward Your Curiosity
Everything you want to read.
Anytime. Anywhere. Any device.
No Commitment. Cancel anytime.
