The US Cyber Trust Mark will certify devices that meet certain security standards. After the first announcement of the initiative July 2023the Federal Communications Commission on Tuesday provided details on how companies can submit their products for approval under the new label.
The label Applies only to consumer devices rather than integrated devices for “manufacturing, industrial control or enterprise applications”.
“We see great potential in the US CyberTrustmark program,” Michael Dolan, senior director and head of enterprise privacy and data protection at Best Buy, said in the press release. “This is a positive step for consumers and we are excited about the opportunity to highlight this program to our customers.”
News comes as cyber attacks happen. is increasingly troubling companies and governments around the world.. Department of Justice in 2024 Disrupted cyber attack. which targeted users’ routers and connected cameras.
See: Cybersecurity Professionals Struggle With Employees are abandoning security best practices..
What is the Cyber Trust Mark?
The purpose of the CyberTrust Mark is to encourage companies to implement cybersecurity best practices on Internet-connected devices. The White House compared the CyberTrust mark to the Energy Star label, which informs consumers about a product’s energy use and inspires companies to make their appliances meet Energy Star standards.
In the case of the Cyber Trust Mark, the devices covered include:
- Connected devices.
- Baby monitor.
- Home security cameras.
- Attached doorbell.
- Voice-activated assistants, such as Amazon’s Alexa.
“Amazon supports the goal of the US Cyber Trustmark to strengthen consumer confidence in connected devices,” Amazon vice president Steve Downer wrote in the news release. “We believe consumers will appreciate seeing the US CyberTrust mark on product packaging and when shopping online.”
Amazon and Best Buy plan to feature the mark in their product listings.
“It’s expensive to build a secure device; it’s cheaper to build a non-secure device,” Sean Tufts, managing partner of critical infrastructure and operational technology at Optio, said in an email to TechRepublic. “This certification puts pressure on business leaders to do the right thing.”
Which devices can receive labels and which can’t?
something Connected devices Not eligible for the Cyber Trust Mark. For example:
- Medical devices are still covered by the Food and Drug Administration.
- Connected cars and devices remain under the purview of the National Highway Traffic Safety Administration.
- Personal computers, smartphones, and routers are also exempt – although NIST is. Working on New standards for consumer routers.
Broadly, the label applies to any other consumer wireless IoT products.
Most companies outside the US can apply for labels, participate in testing labs, or act as administrators. Companies prohibited from participating in US government programs may not apply for the mark, including FCC Code Listthe Department of Commerce Entity Listor Department of Defense list of Chinese military companies.
How organizations can submit their products for the Cyber Trust Mark
To earn the mark, companies must submit products to accredited labs for compliance testing overseen by the US National Institute of Standards and Technology. Eleven private testing companies have been given conditional approval to become administrators. The FCC said the program is now active, and companies will be able to submit products for testing “soon.”
After the devices are approved, manufacturers can label and A QR code. Customers can scan the code to learn security information such as how to change the default. Password Or configure the device securely. The QR code will include information about security measures already in place, such as how long the device will receive support from the company and whether software patches are automatic or must be applied manually.
If the device does not have security support or updates from the manufacturer, the QR code will note this.
Do companies need to participate in the CyberTrustmark program?
Submitting products for CyberTrust Mark approval is entirely voluntary.
“Voluntarily, Consumer Reports hopes that manufacturers will apply for this mark, and that consumers will look for it when it becomes available,” Justin Brockman, director of technology policy, Consumer Reports, wrote in the press release.
“However, we must also consider whether this brand of trust will give consumers a false sense of ‘invulnerability’ and a false sense of complacency,” Tufts said. “This could increase the risk to Americans who are cyber-aware.”