The U.S. Federal Communications Commission (FCC) is proceeding with plans to develop and implement a voluntary labeling program for connected smart devices that meet rigorous cybersecurity requirements.
According to a Notice of Proposed Rulemaking (NPRM) issued in mid-August, the FCC’s “U.S. Cyber Trust Mark” Program would enable manufacturers of internet-enabled devices to qualify their products in accordance with rigorous cybersecurity requirements based on criteria developed by the National Institute of Standards and Technology (NIST). Devices that meet those requirements would then be permitted to apply the Cyber Trust Mark to their products, similar to the Energy Star logo currently applied to energy-efficient appliances.
As we previously reported, the FCC’s proposed Cyber Trust Program is intended to help consumers make informed decisions regarding their purchases of internet-enabled devices, while also providing an incentive for manufacturers to meet higher cybersecurity standards.
The FCC’s NPRM seeks public comments on several questions regarding the implementation of the Cyber Trust Program, including:
- The scope of devices or products that should be considered for inclusion in the labeling program;
- Who should be responsible for managing the program and program oversight;
- How to develop the security standards that could apply to different types of devices;
- How to demonstrate compliance with those standards;
- How to safeguard the cybersecurity label against unauthorized use; and
- How to educate consumers about the program.
Comments on the NPRM can be filed through the Commission’s Electronic Comment Filing System (reference PS Docket No. 23-239).