The White House on January 8th announced the formal launch of the US Cyber Trust Mark, a national cyber security label for IoT devices.

The US Cyber Trust Mark has been devised to provide consumers with a Quality Assurance mark that guarantees minimum levels of cybersecurity assurance for devices and IoT home and consumer technology.

The Federal Communications Commission (FCC) proposed the new Mark following pressure from consumer groups, industry bodies and politicians.

The Cyber Trust Mark is also a US response to moves by a number of overseas administrations including the EU, the UK and Singapore to establish consumer device cybersecurity labelling.

The formal launch of the US Cyber Trust Mark completes the public notice and input phases of the scheme. These phases had run over the previous 18 months. During that time, FCC commissioners had decided, to authorise the programme and adopt final rules. The decisions were taken, the White House noted, in a bipartisan and anonymous vote. They also agreed on the adoption of a distinct, trademarked shield logo that will be applied to products certified for the US Cyber Trust Mark Label.

In December 2024 the FCC announced the conditional approval of 11 companies as Cyber Security Label Administrators. The FCC also conditionally selected UL Solutions as the lead administrator.

The other 10 cyber security label administrators comprise: CSA America Testing & Certification, CTIA Certification LLC, DEKRA Certification Inc., Intertek Testing Services, Inc., ioXt Alliance, Palindrome Technologies, SGS North America Inc, Telecommunications Industry Association, TÜV Rheinlandof North America, and TÜV SÜD America.

As Lead Administrator, UL Solutions will be responsible for identifying or developing, and recommending to the commission for approval, the IoT specific standards and testing procedures for the programme. It will also be responsible for managing and forwarding other recommendations related to the US Cyber Trust Mark to the Commission of Commerce and for acting as liaison between the Commission and the other ten Cybersecurity Label Administrators (CLAs).

CLAs will be authorised by the commission to certify the use of the FCC IoT label, which includes the US Cyber Trust Mark by manufacturers whose products comply with the commissions IoT cyber security labelling programme rules.

Under the new programme, products that meet the new device and IoT cybersecurity standards will be able to display the Shield label. This will make cyber quality assured products easier for consumers to recognise.

In addition to the Shield label and a QR code, the scheme provides a range of detail about the product such as what sensor data is collected, which data elements are shared, how security updates are applied, and what kind of authentication is supported for stop short form details are provided on the packaging, with fuller details available online through a smartphone app by scanning the QR code.

Further details that the FCC is planning to include in the scheme include a comprehensive list of data collected by the equipment provider, if data stored can identify consumers, whether and what data is stored in the cloud, and what data is shared or sold to third parties.

The FCC is considering annual recertifications, but the intervals have not yet been decided.