In 2017, the US Congress released a draft of the IoT Cybersecurity Improvement Act (read it at https://www.scribd.com/document/355269230/Internet-of-Things-Cybersecurity-Improvement-Act-of-2017). This is primarily geared towards IoT devices used in federal systems; however, it might prove an interesting challenge determining which federal systems fall under the scope of the legislation.

It specifically calls out internet-connected devices, although in the federal government there are plenty of devices that will not be connected to the internet per se, but may be connected to private government networks. There are also many wireless sensors deployed that might fit the model of the IoT and be vulnerable to RF attacks, attacks against their gateways, and so on, but would not be covered under the scope of this legislation.

Review the draft legislation, and determine whether your specific product falls within its jurisdiction.