Mounting cybersecurity vulnerabilities impacting consumer internet-of-things devices has prompted the Federal Communications Commission to approve the voluntary U.S. Cyber Trust Mark labeling program that seeks to ensure security standard adherence among IoT devices, according to CyberScoop.
Aside from passing compliance testing from third-party labs, IoT device vendors looking to obtain the U.S. Cyber Trust Mark would have to detail authorization dates, default password modification instructions, software updates, minimum support periods, configuration instructions, and software bill of materials, if any, noted the FCC. Approval of the Cyber Trust Mark has also mandated a collaboration between the FCC's Public Safety and Homeland Security Bureau and the Justice Department's Office of International Affairs in establishing international recognition for the label. Such an initiative has been lauded by OpenPolicy co-founder and CEO Amit Elazari for recognizing not only specific devices but also the entire software ecosystem. "We really want to make sure you’re not creating a false sense of security, and the way to do it is to consider all of the components that can introduce a vulnerability," Elazari added.
