In plain terms. The Internet of Things Cybersecurity Improvement Act of 2020 prohibits federal agencies from procuring IoT devices that do not meet NIST security standards and directs NIST and OMB to publish device-security and coordinated vulnerability-disclosure guidelines. It uses the government's buying power to raise baseline security for connected devices.
Citation. Pub. L. 116-207 (Dec. 4, 2020); 15 U.S.C. §§ 278g-3a to 278g-3e.
NIST SP 800-213 series; NIST IoT device guidance