California enacts first-in-nation IoT security law

Oct. 3, 2018

The new law requires some form of authentication for most connected devices. The nation’s first IoT security act was just signed into law in California. The law isn’t just about the IoT, but billions of small connected devices will have to add critical features if they’re sold in the state after Jan. 1, 2020.

SB-327 is broad legislation that applies, with some exceptions, to “…any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.” Those devices will be required to have basic security capabilities installed—though precisely what those might be is not spelled out in the legislation.

Instead, the law requires steps that are “appropriate” to the device and the information it collects, protecting each from “…unauthorized access, destruction, use, modification, or disclosure.” Specifically, if a device has provisions for unique authentication of device and/or users, it is considered to be in compliance with the law.

The exceptions to the requirement are those devices that fall under federal laws or regulations, including medical devices.

Dark Reading has the story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...