On December 4th, President Trump signed the IoT Cybersecurity Improvement Act of 2020, which directs the National Institute of Standards and Technology (NIST) to create standards and guidelines on the use and management of internet of things devices by federal agencies and to develop guidance on vulnerability disclosure and the resolution of disclosed vulnerabilities. The bill could not be any more timely. Four days after the act was signed into law, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on AMNESIA:33, a set of 33 vulnerabilities impacting four open source TCP/IP stacks which collectively serve as the foundational components of millions of connected devices worldwide. Forescout Research Labs reported these vulnerabilities.