Senator Urges OMB to Complete Review of Federal Agencies’ IoT Policies

U.S. Sen. Mark Warner, D-Va., chairman of the Senate Select Committee on Intelligence, has expressed frustration over the Office of Management and Budget’s slow progress in reviewing the policies of federal agencies on procuring and using internet of things devices.

Under the IoT Cybersecurity Improvement Act of 2020, which Warner co-sponsored, agencies are prohibited from purchasing or using IoT devices that do not comply with the National Institute of Standards and Technology’s cybersecurity guidelines.

In a letter to OMB Director Shalanda Young, Warner acknowledged the organization’s initiative to include the IoT cybersecurity category in rating federal agencies’ information security. He noted, however, the lack of an urgency to review agency IoT policies, citing the law’s requirement to complete the effort within 180 days following the release of the NIST guidelines, Warner’s office said.

Warner asked Young to respond to his letter within 60 days, providing information on the status of the OMB’s agency information security policy review efforts and the policies and principles the OMB issued to ensure agencies comply with NIST guidelines. The senator also asked Young to provide a list of agencies that have and have not aligned their information security policies and principles with NIST cybersecurity standards.