OMB Orders Agencies to Take Stock of IoT Devices
The directive is part of a Federal Information Security Modernization Act implementation memo released Monday by OMB Director Shalanda Young, Nextgov/FCW reported Tuesday.
According to the OMB, properly evaluating cybersecurity risks to missions and operations requires agencies to understand the physical hardware connected within their information systems.
In the memo, OMB defined what assets the inventories are meant to include, many of which are operational technology. The office also pointed to “interconnected devices that interact with the physical world,” such as building maintenance systems, environmental sensors and hospital equipment.
Agencies must also indicate how their inventories align with National Institute of Standards and Technology requirements.
OMB is required under the 2020 IoT Cybersecurity Improvement Act to ensure federal agencies’ IoT device policies conform to NIST guidelines.
Tags: cybersecurity Federal Information Security Modernization Act internet of things Nextgov/FCW Office of Management and Budget Shalanda Young