By STACEY HIGGINBOTHAM – Last week, four Senators and two members of the House introduced a new bill aimed at protecting connected devices that are used by the U.S. government. It is called the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 and roughly the fourth or fifth attempt to get something through Congress related to the lack of secure connected devices.

But this bill is very different than previous efforts, which took a bare minimum approach to legislation. The nine-page bill essentially asks Congress to order the National Institute of Standards and Technology (NIST) to prepare a list of good security practices and then give that list to the Office of Management and Budget (OMB) so it can tell agencies what rules they need to follow.

Unlike the first attempt in 2017, this bill is far less prescriptive when it comes to specifics. In the 2017 version, we had to trudge through definitions of firmware and hardware, read about hard-coded passwords, and dig through several other elements. It went a bit too far in detailing how government agencies should decide if a connected device they wanted to buy was secure. Read more: