dremspider

dremspider t1_j0bojke wrote

Having some experience with MDM and the government... I am pretty sure most agencies are already doing this. If they are following NIST guidance they are doing this. My guess is this is a performative senate vote of "look we are doing something". DOD already has policies around this. DHS then has control over the policies over a ton of other agencies of what must be followed as far as computer security. NIST provides "guidance" which is usually high level and is where the the specific rules come from.

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-124r1.pdf

3