The FCC has recently initiated a voluntary cybersecurity labeling program specifically for consumer Internet of Things (IoT) products. This is a significant step towards enhancing the security of wireless IoT devices.
The primary aim of this program is to help consumers make informed decisions when purchasing IoT products. It also encourages manufacturers to adhere to higher cybersecurity standards, thereby enhancing overall consumer protection. The program is a result of a collaborative effort between the FCC and the private sector. Compliance testing will be handled by third-party administrators and accredited labs, ensuring an unbiased evaluation of the products.
U.S. Cyber Trust Mark: Products that meet the cybersecurity standards set by the FCC will be allowed to display a U.S. Cyber Trust Mark. This mark serves as a sign of assurance for consumers about the product’s cybersecurity measures. Additionally, these products will also feature a QR code providing detailed security information.
The IoT Labeling Program initially on IoT “products,” which we define to include one or more IoT devices and additional product components necessary to use the IoT device beyond basic operational features, such as: home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers and baby monitors.
This RO provides guidance on the two-step process for obtaining the FCC IoT Label, involving product testing and application filing, as well as ongoing obligations for entities authorized to use the label, as well as the criteria and standards for Consumer IoT Product cybersecurity, the responsibilities of CLAs (CyberLabs), and the process for selecting and revoking CLAs.
The document mentions specific dates related to the comment period for the proposed rulemaking, such as “Comment Date” and “Reply Comment Date,” which are set for 30 and 60 days after publication in the Federal Register respectively.