In this Act:
(1) Agency
The term "agency" has the meaning given that term in section 3502 of title 44.
(2) Director of OMB
The term "Director of OMB" means the Director of the Office of Management and Budget.
(3) Director of the Institute
The term "Director of the Institute" means the Director of the National Institute of Standards and Technology.
(4) Information system
The term "information system" has the meaning given that term in section 3502 of title 44.
(5) National security system
The term "national security system" has the meaning given that term in section 3552(b)(6) of title 44.
(6) Operational technology
The term "operational technology" means hardware and software that detects or causes a change through the direct monitoring or control of physical devices, processes, and events in the enterprise.
(7) Secretary
The term "Secretary" means the Secretary of Homeland Security.
(8) Security vulnerability
The term "security vulnerability" has the meaning given that term in section 1501(17) of title 6.
References in Text
This Act, referred to in text, is Pub. L. 116–207, Dec. 4, 2020, 134 Stat. 1001, known as the Internet of Things Cybersecurity Improvement Act of 2020 and also as the IoT Cybersecurity Improvement Act of 2020, which enacted this section and sections 278g–3b to 278g–3e of this title and provisions set out as a note under this section. For complete classification of this Act to the Code, see Short Title of 2020 Amendment note set out under section 271 of this title and Tables.
Codification
Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.
Sense of Congress
Pub. L. 116–207, §2, Dec. 4, 2020, 134 Stat. 1001, provided that: "It is the sense of Congress that—
"(1) ensuring the highest level of cybersecurity at agencies in the executive branch is the responsibility of the President, followed by the Director of the Office of Management and Budget, the Secretary of Homeland Security, and the head of each such agency;
"(2) this responsibility is to be carried out by working collaboratively within and among agencies in the executive branch, industry, and academia;
"(3) the strength of the cybersecurity of the Federal Government and the positive benefits of digital technology transformation depend on proactively addressing cybersecurity throughout the acquisition and operation of Internet of Things devices by the Federal Government; and
"(4) consistent with the second draft National Institute for Standards and Technology Interagency or Internal Report 8259 titled 'Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline', published in January 2020, Internet of Things devices are devices that—
"(A) have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface, and are not conventional Information Technology devices, such as smartphones and laptops, for which the identification and implementation of cybersecurity features is already well understood; and
"(B) can function on their own and are not only able to function when acting as a component of another device, such as a processor."