Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

2.17 Internet of Things Cybersecurity Improvement Act of 2020

Information Technology Laws

2.17 Internet of Things Cybersecurity Improvement Act of 2020

Enacted in 2020 to establish minimum security standards for [Internet of Things (IoT)] devices owned and controlled by the federal government. This law gives authority to the CIO to prohibit the head of any agency from “procuring or obtaining, renewing a contract to procure or obtain, or using an [IoT] device” if they find through a mandatory review process that the use of the device prevents compliance with NIST standards and guidelines.

The CIO can waive this requirement only if:

  • the waiver is necessary in the interest of national security;
  • procuring, obtaining, or using such device is necessary for research purposes; or
  • such device is secured using alternative and effective methods appropriate to the function of such device. ( Public Law 116-207. IoT CyberSecurity Improvement Act of 2020.)

An Official website of the Federal Government

Looking for U.S. government information and services?