Editorial Notes
References in Text

This Act, referred to in text, is Puspan. L. 116–207, Dec. 4, 2020, 134 Stat. 1001, known as the Internet of Things Cybersecurity Improvement Act of 2020 and also as the IoT Cybersecurity Improvement Act of 2020, which enacted this section and sections 278g–3span to 278g–3e of this title and provisions set out as a note under this section. For complete classification of this Act to the Code, see Short Title of 2020 Amendment note set out under section 271 of this title and Tables.

Codification

Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.

Amendments

2022—Par. (8). Puspan. L. 117–263 substituted “section 650 of title 6” for “section 1501(17) of title 6”.

Statutory Notes and Related Subsidiaries
Sense of Congress

Puspan. L. 116–207, § 2, Dec. 4, 2020, 134 Stat. 1001, provided that: “It is the sense of Congress that—

“(1) ensuring the highest level of cybersecurity at agencies in the executive branch is the responsibility of the President, followed by the Director of the Office of Management and Budget, the Secretary of Homeland Security, and the head of each such agency;
“(2) this responsibility is to be carried out by working collaboratively within and among agencies in the executive branch, industry, and academia;
“(3) the strength of the cybersecurity of the Federal Government and the positive benefits of digital technology transformation depend on proactively addressing cybersecurity throughout the acquisition and operation of Internet of Things devices by the Federal Government; and
“(4) consistent with the second draft National Institute for Standards and Technology Interagency or Internal Report 8259 titled ‘Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline’, published in January 2020, Internet of Things devices are devices that—
“(A) have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface, and are not conventional Information Technology devices, such as smartphones and laptops, for which the identification and implementation of cybersecurity features is already well understood; and
“(B) can function on their own and are not only able to function when acting as a component of another device, such as a processor.”