Cybersecurity risk
assessment
OMB Orders Agencies to Take Stock of IoT Devices
The Office of Management and Budget has instructed federal agencies to each produce internet of things inventories by the end of fiscal year 2024.
The directive is part of a Federal Information Security Modernization Act implementation memo released Monday by OMB Director Shalanda Young, Nextgov/FCW reported Tuesday.
According to the OMB, properly evaluating cybersecurity risks to missions and operations requires agencies to understand the physical hardware connected within their information systems.
In the memo, OMB defined what assets the inventories are meant to include, many of which are operational technology. The office also pointed to “interconnected devices that interact with the physical world,” such as building maintenance systems, environmental sensors and hospital equipment.
Agencies must also indicate how their inventories align with National Institute of Standards and Technology requirements.
OMB is required under the 2020 IoT Cybersecurity Improvement Act to ensure federal agencies’ IoT device policies conform to NIST guidelines.
Category: Cybersecurity