*** A House bill to leverage the federal government's buying power to help secure the internet of things ecosystem advanced in committee on Wednesday. The Internet of Things Cybersecurity Improvement Act of 2019, introduced in March by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), requires IoT devices purchased by the federal government to meet minimum security requirements covering patching, identity management and configuration management. The requirements aren't spelled out in the bill and would be developed by the National Institute of Standards and Technology, but at a minimum the provisions would likely prohibit hard-coded passwords that can't be changed by end users and require that connected devices be able to receive software and firmware updates over the air. The bill passed the House Oversight and Reform Committee on June 12. A similar measure has been backed in the Senate by Sens. Cory Gardner (R-Colo.) and Mark Warner (D-Va.).
*** The National Institute of Standards and Technology released a new draft white paper outlining best practices for secure software development. The document outlines 19 practices, such as conducting regular code reviews, defining your security requirements ahead of software development, and reusing existing, well-secured software, that stakeholders need to keep in mind throughout the software development lifecycle.
Because the practices are designed to apply to a broad range of public and private sector entities, NIST opted not to set down hard and fast rules around how organizations should implement them, though the paper does offer examples.
"The most important thing is implementing the practices and not the mechanisms used to do so," the paper states. "For example, one organization might automate a particular step, while another might use manual processes instead."
Posted on Jun 13, 2019 at 6:36 PM