§278g–3a. Definitions

In this Act:

(1) Agency

The term "agency" has the meaning given that term in section 3502 of title 44.

(2) Director of OMB

The term "Director of OMB" means the Director of the Office of Management and Budget.

(3) Director of the Institute

The term "Director of the Institute" means the Director of the National Institute of Standards and Technology.

(4) Information system

The term "information system" has the meaning given that term in section 3502 of title 44.

(5) National security system

The term "national security system" has the meaning given that term in section 3552(b)(6) of title 44.

(6) Operational technology

The term "operational technology" means hardware and software that detects or causes a change through the direct monitoring or control of physical devices, processes, and events in the enterprise.

(7) Secretary

The term "Secretary" means the Secretary of Homeland Security.

(8) Security vulnerability

The term "security vulnerability" has the meaning given that term in section 650 of title 6.

( Pub. L. 116–207, §3, Dec. 4, 2020, 134 Stat. 1001 ; Pub. L. 117–263, div. G, title LXXI, §7143(d)(8), Dec. 23, 2022, 136 Stat. 3664 .)

Editorial Notes

References in Text

This Act, referred to in text, is Pub. L. 116–207, Dec. 4, 2020, 134 Stat. 1001 , known as the Internet of Things Cybersecurity Improvement Act of 2020 and also as the IoT Cybersecurity Improvement Act of 2020, which enacted this section and sections 278g–3b to 278g–3e of this title and provisions set out as a note under this section. For complete classification of this Act to the Code, see Short Title of 2020 Amendment note set out under section 271 of this title and Tables.

Codification

Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.

Amendments

2022-Par. (8). Pub. L. 117–263 substituted "section 650 of title 6" for "section 1501(17) of title 6".

Statutory Notes and Related Subsidiaries

Sense of Congress

Pub. L. 116–207, §2, Dec. 4, 2020, 134 Stat. 1001 , provided that: "It is the sense of Congress that-

"(1) ensuring the highest level of cybersecurity at agencies in the executive branch is the responsibility of the President, followed by the Director of the Office of Management and Budget, the Secretary of Homeland Security, and the head of each such agency;

"(2) this responsibility is to be carried out by working collaboratively within and among agencies in the executive branch, industry, and academia;

"(3) the strength of the cybersecurity of the Federal Government and the positive benefits of digital technology transformation depend on proactively addressing cybersecurity throughout the acquisition and operation of Internet of Things devices by the Federal Government; and

"(4) consistent with the second draft National Institute for Standards and Technology Interagency or Internal Report 8259 titled 'Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline', published in January 2020, Internet of Things devices are devices that-

"(A) have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface, and are not conventional Information Technology devices, such as smartphones and laptops, for which the identification and implementation of cybersecurity features is already well understood; and

"(B) can function on their own and are not only able to function when acting as a component of another device, such as a processor."