FCC Approves Voluntary Cyber Trust Labels for Consumer IoT Products

Heres what IoT device manufacturers need to know to earn a cybersecurity stamp of approval from the government.

The Federal Communications Commission (FCC) will be rolling out a voluntary cybersecurity labeling program for Internet of Things (IoT) products for consumers
At
its public meeting today
, the Commission unanimously voted to approve the program, which will allow IoT manufacturers to slap
US Cyber Trust Certification Marks
onto products that meet certain minimum criteria defined by the National Institute for Standards and Technology (NIST).
The marks — plus associated QR codes, linking to product registries with more detailed security information about compliant products — will enable customers to make more informed purchases, and companies to distinguish their products from the competition.
With the proliferation of products available, it is challenging even for the most informed consumer to confidently identify the
cybersecurity capabilities of any given device
, FCC Commissioner Geoffrey Starks said at the open meeting, assuring that Help is on the way, starting today.
The technical criteria necessary to obtain a good job sticker are defined in
NISTs Internal Report 8425
.
Approved devices will need to have a unique identification and an
inventory of all its components
.
Theyll need to have flexible configurations, the ability to restore to a secure factory setting, and mechanisms to ensure that settings can be changed only by authorized individuals, services, or components.
Theyll need thorough protections for data storage and transmission, and the ability to erase sensitive personal information.
Theyll need to implement strict access controls, and mechanisms for secure, prompt updates to software.
And, finally, theyll need to be able to capture and record information that can be used to detect cybersecurity incidents affecting their components, as well as the data they store and transmit.
While the program is entirely optional, a number of major technology companies — including Amazon, Best Buy, Google, LG, Logitech, and Samsung — already expressed their support back when it was
first announced in 2023
.
Only time will tell, though, whether consumers will sufficiently incentivize companies to obtain the badge by voting with their pockets. With somewhere north of
10 billion IoT products
expected to leave shelves globally over the coming few years, theyll certainly have the opportunity to do so.
A lot of it will probably come down to cost, says Patrick Gillespie, OT Lead at GuidePoint Security. To comply, companies will have to build out policies and procedures, theyll need to adhere to each control and then theyll also probably need to get a third-party company to test to make sure that the administrative controls functions are working as intended, and also that any communications to and from the device are encrypted and not accessed by anybody on the wireless network.
So, for a pretty cheap IoT device — lets say 100 bucks — if this increases the cost by 10%, consumers will probably pay $110 for that extra security, he guesses. Now, if it doubles the price to $200…

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FCC Approves Voluntary Cyber Trust Labels for Consumer IoT Products