FCC Approves Voluntary Cyber Trust Labels for Consumer IoT Products
March 14, 2024 – Published on Dark Reading
The Federal Communications Commission (FCC) will be rolling out a voluntary cybersecurity labeling program for Internet of Things (IoT) products for consumers
At its public meeting today, the Commission unanimously voted to approve the program, which will allow IoT manufacturers to slap US Cyber Trust Certification Marks onto products that meet certain minimum criteria defined by the National Institute for Standards and Technology (NIST).
The marks — plus associated QR codes, linking to product registries with more detailed security information about compliant products — will enable customers to make more informed purchases, and companies to distinguish their products from the competition.
“A lot of it will probably come down to cost,” says Patrick Gillespie, OT Lead at GuidePoint Security. “To comply, companies will have to build out policies and procedures, they’ll need to adhere to each control and then they’ll also probably need to get a third-party company to test to make sure that the administrative controls functions are working as intended, and also that any communications to and from the device are encrypted and not accessed by anybody on the wireless network.”