From the Document: "It is the sense of Congress that-- (1) ensuring the highest level of cybersecurity at agencies in the executive branch is the responsibility of the President, followed by the Director of the Office of Management and Budget, the Secretary of Homeland Security, and the head of each such agency; (2) this responsibility is to be carried out by working collaboratively within and among agencies in the executive branch, industry, and academia; (3) the strength of the cybersecurity of the Federal Government and the positive benefits of digital technology transformation depend on proactively addressing cybersecurity throughout the acquisition and operation of Internet of Things devices by the Federal Government; and (4) consistent with the second draft National Institute for Standards and Technology Interagency or Internal Report 8259 titled 'Recommendations for IoT [Internet of Things] Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline', published in January 2020, Internet of Things devices are devices that-- (A) have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface, and are not conventional Information Technology devices, such as smartphones and laptops, for which the identification and implementation of cybersecurity features is already well understood; and (B) can function on their own and are not only able to function when acting as a component of another device, such as a processor."
Public Law 116-207; P.L. 116-207; H.R. 1668
Government Publishing Office: http://www.gpo.gov/