Summary
- The White House and FCC are introducing a voluntary ‘U.S. Cyber Trust Mark’ for wireless smart home devices, similar to an Energy Star label, to help consumers identify products that meet cybersecurity standards.
- Manufacturers can earn the mark by having their products tested by the National Institute of Standards and Technology (NIST), creating a competitive incentive to improve device security and providing clear security information to consumers via a QR code on the product packaging.
- The program will launch in 2025, applying to various wireless IoT products like smart appliances, cameras, and fitness trackers, but excluding wired devices, medical devices, PCs, smartphones, and routers.
It’s not often that we get to source information directly from the US White House, but if the executive branch is concerned about your smart toaster — and no, not about your bread being over-crisped — then we’re talking very serious business.
The interconnected nature of IoT smart home devices has brought unprecedented convenience for consumers, but its double-edged nature has the White House concerned.
Recognizing the growing concern about security vulnerabilities connected to smart home devices, the White House, alongside the FCC, launched what it’s calling the “U.S. Cyber Trust Mark.” The mark is essentially a voluntary cybersecurity label that manufacturers can opt to display on their product boxes — but only if those smart home products pass a cybersecurity test from the U.S. National Institute of Standards and Technology (via Android Authority).
For manufacturers, the label creates a competitive dynamic, where gaining the mark becomes essential to being perceived as trustworthy and to avoid losing market share to other brands that have the mark. For consumers, on the other hand, the label is a net win as it can help them make more informed purchasing decisions, all while companies fight to make their products safer. Think of it as an Energy Star label, but for the product’s level of cybersecurity.
On product boxes, the mark will appear alongside a QR code, scanning which will highlight “easy-to-understand details about the security of the product.” Details include:
- How to change the device’s default password.
- How to configure the device securely.
- Whether updates/patches are automatic and if not, how consumers can access them.
- The product’s minimum support period end date or a statement that the device is not supported by the manufacturer and the consumer should not rely on the manufacturer to release security updates.
Be on the lookout later in 2025
Note that the program only applies to wireless IoT products, including the likes of internet-connected home security cameras, voice-activated shopping devices, smart appliances, fitness trackers, garage door openers, baby monitors, and akin. Wired devices, medical devices regulated by the FDA, personal computers, smartphones, and routers don’t make the eligible list.
Additionally, the program isn’t live yet. The FCC laid down the framework for the mark back in March 2024, and it is currently in its implementation stage. The FCC says that it will make subsequent announcements when the program is ready to accept applications, which will take place in 2025, according to the White House.
“The program is open for business in 2025: companies will soon be able to submit their products for testing to earn the label, companies like BestBuy and Amazon will be highlighting labeled products, and consumers can look for products bearing the Trust Mark on the shelves.”
