The FCC has approved a voluntary Cybersecurity Labeling Program for wireless consumer IoT products based on NIST criteria [8], aiming to address cybersecurity concerns and protect consumer data.


The program requires manufacturers to ensure device security [6], prompt vulnerability updates [6], comply with security standards [4], and pass testing to receive a Cyber Trust Mark. Details on authorization dates, default password changes [2], software updates [2] [3], support periods [2] [5], configurations [2], and software bill of materials must be provided. Excluded devices include certain communications equipment [8], FDA-regulated medical devices [8], and motor vehicles [8]. Collaboration with the Justice Department for international recognition is included [2]. Manufacturers can showcase compliance with FCC standards through the ‘US Cyber Trust Mark’ logo on labeled products, which will also feature a QR code linking to a product registry for security information. The program will focus on wireless consumer IoT products like smart speakers and doorbells [7], aiming to help consumers make informed decisions and incentivize manufacturers to enhance security [1]. The FCC will seek feedback on security risks from adversarial nations and data collection practices [3]. The initiative aims to enhance cybersecurity for wireless consumer IoT products in an increasingly connected world and is overseen by third-party administrators and accredited laboratories [4].


The program, introduced by the Biden-Harris administration [1] [4], aims to be voluntary to encourage stakeholder engagement and may influence future agreements [8]. Success depends on collaboration between government [7], industry stakeholders [6] [7], retailers [7], and cybersecurity groups [7]. The initiative aims to establish the ‘Cyber Trust Mark’ as a universal standard for secure IoT devices, with potential additional disclosure requirements being considered [4]. Industry experts anticipate increased certifications from manufacturers prioritizing cybersecurity [4], with the goal of enhancing security measures for IoT devices and fostering consumer trust [5].