
IoT Purchasing Rules for Federal Agencies Take Effect in December

Starting next month, US federal agencies will be required to implement Internet of Things (IoT) cybersecurity guidelines developed by the National Institute of Standards and Technology (NIST). The IoT Cybersecurity Act of 2020 directed NIST to create a series of documents to address the needs of federal agencies seeking to deploy IoT devices within their systems.


  • Back in 1994, NIST put out FIPS 140-1, Security Requirements for Cryptographic Modules. In 1995, Netscape came out with SSL 2.0 for transport security in their Navigator browser. When the US Federal government started requiring government agencies to require FIPS 140-1 compliance, it drove testing of SSL 2.0 and vulnerabilities were quickly found and fixed – and anyone (OK, back then mostly Microsoft) wanting to provide a browser for government use had to get their crypto tested and validated. SSL didn’t solve all security problems, but it did raise the bar and it is good to see the US government using its buying power to do the same thing for device security.
  • One of the challenges is that traditional IT security follows frameworks like NIST SP 800-53, while our OT operators are following the Purdue model. Having guidance to help crosswalk the two universes is critical to success. Keep an eye on SP 800-82, SP 800-181 and SP 800-313. NIST publications often include guidance and insight which is applicable beyond the federal government; consider leveraging these to raise the bar on your IoT acquisitions.
  • While mandated for federal agencies, every industry sector will benefit by following the cybersecurity guidance in NIST Special Publication 800-213. Now is the time to build IoT cybersecurity requirements into your IT risk management process for the entire connected enterprise.


Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
