https://community.isc2.org/t5/Governance-Risk-Compliance/IoT-Cybersecurity-improvement-Act-signed-off/m-p/41988#M236 <P><SPAN>NIST has done a reasonable job at creating draft guidance (</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-213-draft.pdf" target="_blank" rel="noopener">Special Publication 800-213</A><SPAN>&nbsp;and NIST Interagency Reports (NISTIRs)&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259B-draft.pdf" target="_blank" rel="noopener">8259B</A><SPAN>,&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259C-draft.pdf" target="_blank" rel="noopener">8259C</A><SPAN>, and&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259D-draft.pdf" target="_blank" rel="noopener">8259D</A><SPAN>&nbsp;but developers clear need concise requirements. The NISTIR baselines are a good start but are going to require a lot more detail to be usable.</SPAN></P> Tue, 29 Dec 2020 15:17:09 GMT AppDefects 2020-12-29T15:17:09Z https://community.isc2.org/t5/Governance-Risk-Compliance/IoT-Cybersecurity-improvement-Act-signed-off/m-p/41975#M235 <P>Hi All</P><P>&nbsp;</P><P>Within the US, "The Bipartisan IoT Cybersecurity Improvement Act was officially signed into law earlier this month, mandating that any IoT device purchased with government funds must meet minimum security standards."&nbsp;</P><P>&nbsp;</P><P>Well it's a good start, if it works, what happens if a third party supplier purchases the the IoT devices to support services they are providing the Government?</P><P>&nbsp;</P><P><A href="https://www.allaboutcircuits.com/news/internet-of-things-cybersecurity-improvement-act-signed-into-law/" target="_blank">https://www.allaboutcircuits.com/news/internet-of-things-cybersecurity-improvement-act-signed-into-law/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 09:44:23 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/IoT-Cybersecurity-improvement-Act-signed-off/m-p/41975#M235 Caute_cautim 2023-10-09T09:44:23Z https://community.isc2.org/t5/Governance-Risk-Compliance/IoT-Cybersecurity-improvement-Act-signed-off/m-p/41988#M236 <P><SPAN>NIST has done a reasonable job at creating draft guidance (</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-213-draft.pdf" target="_blank" rel="noopener">Special Publication 800-213</A><SPAN>&nbsp;and NIST Interagency Reports (NISTIRs)&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259B-draft.pdf" target="_blank" rel="noopener">8259B</A><SPAN>,&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259C-draft.pdf" target="_blank" rel="noopener">8259C</A><SPAN>, and&nbsp;</SPAN><A href="https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259D-draft.pdf" target="_blank" rel="noopener">8259D</A><SPAN>&nbsp;but developers clear need concise requirements. The NISTIR baselines are a good start but are going to require a lot more detail to be usable.</SPAN></P> Tue, 29 Dec 2020 15:17:09 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/IoT-Cybersecurity-improvement-Act-signed-off/m-p/41988#M236 AppDefects 2020-12-29T15:17:09Z