PRIA Logo
Take the PRIA Score
Title 15Commerce and TradeRelease 119-73

§278g–3d Implementation of coordinated disclosure of security vulnerabilities relating to agency information systems, including Internet of Things devices

Title 15 › Chapter CHAPTER 7— - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY › § 278g–3d

Last updated Apr 6, 2026|Official source

Summary

Not later than 2 years after December 4, 2020, the head of the Office of Management and Budget must work with the Secretary to create and put into action policies, standards, and guidelines to fix security weaknesses in computer systems and Internet of Things devices. Under section 3553(b) of title 44, the Secretary must help agencies report, share, publish, and receive information about those vulnerabilities in line with standards from the Director of the Institute, and the Federal Acquisition Regulation must be updated as needed to carry out these rules.

Full Legal Text

Title 15, §278g–3d

Commerce and Trade — Source: USLM XML via OLRC

(a)Not later than 2 years after December 4, 2020, the Director of OMB, in consultation with the Secretary, shall develop and oversee the implementation of policies, principles, standards, or guidelines as may be necessary to address security vulnerabilities of information systems (including Internet of Things devices).
(b)Consistent with section 3553(b) of title 44, the Secretary, in consultation with the Director of OMB, shall provide operational and technical assistance to agencies on reporting, coordinating, publishing, and receiving information about security vulnerabilities of information systems (including Internet of Things devices).
(c)The Secretary shall ensure that the assistance provided under subsection (b) is consistent with applicable standards and publications developed by the Director of the Institute.
(d)The Federal Acquisition Regulation shall be revised as necessary to implement the provisions under this section.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Codification Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions For definitions of terms used in this section, see section 278g–3a of this title.

Reference

Citations & Metadata

Citation

15 U.S.C. § 278g–3d

Title 15Commerce and Trade

Last Updated

Apr 6, 2026

Release point: 119-73