Skip to content
Search our site  
    November 3, 2023

    Update: U.S. Cyber Security Requirements & Guidance for IoT Products



    The National Institute of Standards & Technology (NIST), which is a part of the US Dept. of 
    Commerce, did last year publish a ‘White Paper’ denoted Recommended Criteria for 
    Cybersecurity Labeling for Consumer Internet of Things (IoT) Products. 
    This is a part of one of the pilot programs for cybersecurity labeling related to the overall objective of “improving the nation’s cybersecurity”.
    In March this year, the US government completed and issued the National Cybersecurity Strategy. Then on 8 August this year, the NIST published an Initial Public Draft for The NIST Cybersecurity Framework 2.0 NIST (CSWP 29) which is now out for public hearing until 6 December this year, and which shall replace the current framework from 2014.  NIST encourages concrete suggestions for improvements to the draft.

    Also, the U.S. Federal Communications Commission (FCC) is apparently moving ahead with plans to develop and implement a voluntary labeling program for connected smart devices that meet rigorous cybersecurity requirements.

    In remarks presented at the White House in Washington, DC, the FCC Chair Ms.Jessica Rosenworcel announced that it is now proposed to launch the first-ever voluntary “U.S. Cyber Trust Mark” Program. The proposed program, which would qualify connected smart devices to bear the Cyber Trust Mark, would help consumers to identify secure
    products while also creating incentives for device manufacturers to meet rigorous cybersecurity standards.

    So, just like the ‘Energy Star’ logo helps consumers identify devices that are energy efficient, the Cyber Trust Mark shall help consumers make more informed decisions about device privacy and security. In connection with this mark, it is also proposed to have a QR code that provides up-to-date information about the product.

    The proposed Cyber Trust Mark Program is based, amongst others, on the abovementioned criteria for cyber secure devices as developed by NIST. FCC expects the program to be launched before the end of 2024.

    For further information or cybersecurity-related services, please contact


    (Article is based on the info provided by Gier Horthe and the article published by InCompliance Sept.issue and edited by T.Sollie)

    Click Here To Subscribe To Our News In Brief

    Tags: cybersecurity , USA



    Some of the other articles in this newsletter