On 7 January 2025, the US government announced the launch of the US Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the US Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label including a new 'US Cyber Trust Mark.'"
As part of the effort, the logo will be accompanied by a QR code that users can scan, taking them to a registry of information with easy-to-understand details about the product's security, such as the support period and whether software patches and security updates are automatic. The data will also comprise details related to changing the default password and the various steps users can take to configure the device securely.
The initiative, announced in July 2023, is expected to involve third-party cybersecurity label administrators who will oversee evaluating product applications and authorizing the use of the label. Accredited labs will handle compliance testing, the FCC added.
Eligible products that come under the scope of the Cyber Trust Mark program include internet-connected home security cameras, voice-activated shopping devices, smart appliances, fitness trackers, garage door openers, and baby monitors. It does not cover medical devices regulated by the Food and Drug Administration (FDA); motor vehicles and equipment regulated by the National Highway Traffic Safety Administration (NHTSA); wired devices; and products used for manufacturing, industrial control, or enterprise applications.
The program also does not extend to equipment added to the FCC's Covered List, products manufactured by companies added to other lists for national security reasons (Department of Commerce's Entity List or Department of Defense's List of Chinese Military Companies), or banned from Federal procurement.
To apply to use the US Cyber Trust Mark, manufacturers who meet the eligibility criteria must have their products tested by an accredited and FCC-recognized Cyber Review Organization to ensure they meet the program's cybersecurity requirements and then apply to a Cybersecurity Label Administrator with the necessary supporting documents.
"The US Cyber Trust Mark program allows them to test products against established cybersecurity criteria from the US National Institute of Standards and Technology via compliance testing by accredited labs and earn the Cyber Trust Mark label, providing an easy way for American consumers to see the cybersecurity of products they choose to bring into their homes," the White House said.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments