kras99 – stock.adobe.com
The Federal Communications Commission approved the U.S. Cyber Trust Mark for IoT devices and offers a way for consumers to be reassured that their IoT devices follow recommended cybersecurity standards.
The average U.S. household uses 21 IoT devices, according to a 2023 Deloitte study. As IoT devices become staples of everyday life, the attack surface will continue to grow, and IoT security will become essential.
The Cyber Trust Mark program is similar to Energy Star, which is a government-backed labeling program that identifies products, appliances and factories with superior energy efficiency. Energy Star measures efficiency by the amount of energy a product or building uses compared with similar items in its category.
With IoT devices being prone to vulnerabilities — such as weak passwords, lack of security updates and insecure networks — the Cyber Trust Mark certification could empower consumers to make purchasing decisions while also considering the security of their devices. With the advent of IoT devices in healthcare, healthcare officials are optimistic that the program will provide the necessary cybersecurity assurances for Internet of Medical Things, or IoMT, devices by informing future regulations.
Former President Joe Biden’s administration first proposed the certification in July 2023. In March 2024, the Federal Communications Commission established the framework for the program, and in January 2025, the program officially launched, with 11 companies designated by the FCC as cybersecurity label administrators (CLAs). These companies will be responsible for the administration of the Cyber Trust Mark. The program is currently voluntary.
After independent testing, products, appliances and IoT devices that meet the FCC’s regulations will be issued the Cyber Trust Mark logo by independent CLAs. The shield logo will also be accompanied by a QR code, leading consumers to information about the product’s security features, how to securely configure the device and security patching — the process of updating software to address vulnerabilities and safeguard against cybersecurity risks.
By displaying the logo, manufacturers can signify to the public that their product has undergone security testing and meets official regulations from NIST.
During the certification process, manufacturers will submit their products to FCC-approved labs. Any product or device that meets the cybersecurity regulations will be allocated the Cyber Trust Mark logo.
Retailers — such as Best Buy and Amazon — will work collaboratively with the program by prioritizing stocking items that display the logo, promoting the logo in their own marketing and collaborating with manufacturers that demonstrate a commitment to the program.
Connected products that will be incorporated into the program include the following:
IoT devices are interrelated devices that exchange information and data over the internet. IoT simplifies day-to-day life and makes everyday tasks more convenient. However, IoT devices are more prone to cyberattacks by hackers who have accessed confidential information shared between products.
By awarding the Cyber Trust Mark to IoT devices that pass the FCC’s cybersecurity regulations, the program will give consumers peace of mind that their devices are secure and that their data is safe.
Following are examples of products that are not included in the program:
Reasons for exclusion vary. Products such as medical IoT devices often fall under other regulatory boards. In other cases, the complexity of the products’ security requirements are not covered by current Cyber Trust Mark regulations.
The FCC has stated that although the current program focuses on wireless IoT products, the criteria could evolve over time.
The Cyber Trust Mark program supports the criteria set by NIST. NIST has set the criteria to drive “product-focused outcomes that enable consumers to make informed decisions about purchasing and maintaining these products.”
Some of the criteria include the following:
The Cyber Trust Mark offers consumers a simple way to identify smart devices and products that have been tested and meet security standards. It assures consumers that the products they bring into their homes and use daily are secure. The label also features a QR code that directs consumers to valuable security information they might not have easily accessed otherwise.
Rosa Heaton is a content manager for the Learning Content group at Informa TechTarget.
A network interface card (NIC) is a hardware component, typically a circuit board or chip, installed on a computer so it can …
A network node is a connection point in a communications network.
Telnet is a network protocol used to remotely access a computer for a text-based communication channel between two machines.
A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a …
Copyright is a legal term describing ownership or control of the rights to use and distribute certain works of creative …
Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the …
A think tank is an organization that gathers a group of interdisciplinary scholars to perform research around particular policies…
Emotional intelligence (EI) is the area of cognitive ability that facilitates interpersonal behavior.
Agreed-upon procedures are a standard a company or client outlines in an engagement letter or other written agreement when it …
Gamification is a strategy that integrates entertaining and immersive gaming elements into nongame contexts to enhance engagement…
Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related …
Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and …
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and …
High-touch customer service is a category of contact center interaction that requires human interaction.
CRM (customer relationship management) is the combination of practices, strategies and technologies that companies use to manage …
All Rights Reserved, Copyright 1999 – 2025, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information
About The Author
More Stories
Local Infrastructure, Lower Costs: How Peering Is Moving the Needle on Internet Affordability
On Global Accessibility Awareness Day, An Internet for Everyone Must Include Everyone
An Open Fiber Data Standard to Make the Internet for Everyone