In this Act:
The term "agency" has the meaning given that term in section 3502 of title 44.
The term "Director of OMB" means the Director of the Office of Management and Budget.
The term "Director of the Institute" means the Director of the National Institute of Standards and Technology.
The term "information system" has the meaning given that term in section 3502 of title 44.
The term "national security system" has the meaning given that term in section 3552(b)(6) of title 44.
The term "operational technology" means hardware and software that detects or causes a change through the direct monitoring or control of physical devices, processes, and events in the enterprise.
The term "Secretary" means the Secretary of Homeland Security.
The term "security vulnerability" has the meaning given that term in section 1501(17) of title 6.
(
This Act, referred to in text, is
Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.
"(1) ensuring the highest level of cybersecurity at agencies in the executive branch is the responsibility of the President, followed by the Director of the Office of Management and Budget, the Secretary of Homeland Security, and the head of each such agency;
"(2) this responsibility is to be carried out by working collaboratively within and among agencies in the executive branch, industry, and academia;
"(3) the strength of the cybersecurity of the Federal Government and the positive benefits of digital technology transformation depend on proactively addressing cybersecurity throughout the acquisition and operation of Internet of Things devices by the Federal Government; and
"(4) consistent with the second draft National Institute for Standards and Technology Interagency or Internal Report 8259 titled 'Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline', published in January 2020, Internet of Things devices are devices that-
"(A) have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface, and are not conventional Information Technology devices, such as smartphones and laptops, for which the identification and implementation of cybersecurity features is already well understood; and
"(B) can function on their own and are not only able to function when acting as a component of another device, such as a processor."