Last updated on October 4, 2025
NO — Under the IoT Cybersecurity Improvement Act of 2020, a federal agency is prohibited from procuring or renewing contracts for IoT devices that fail to comply with NIST minimum standards, unless a waiver is granted for national security, research, or equivalent alternative security methods.
https://www.cio.gov/assets/files/Handbook-Laws.pdf
(Act enacted 2020; procurement rule effective Dec 2022)