USA: Updates to the FCC cybersecurity label

 

The Federal Communications Commission (Commission or FCC) has announced an additional consultation about its new the IoT Labeling program.

In the consultation, the FCC seeks comment on additional items to further the efficient and timely rollout of the IoT Labeling program. These items include:

– the format of Cybersecurity Label Administrator (CLA) and Lead Administrator applications;

– filing fees for CLA applications; criteria for selecting CLAs and the Lead Administrator;

– CLA sharing of Lead Administrator expenses; Lead Administrator neutrality;

– processes for withdrawal of CLA and Lead Administrator approvals;

– recognition of CyberLABs outside the United States;

– complaint processes;

– confidentiality and security requirements;

– and the IoT registry.

The background of the consultation is the following:

In March 2024, the Federal Communications Commission (FCC) adopted a Report and Order and Further Notice of Proposed Rulemaking (IoT Labeling Order) to establish a framework for a voluntary cybersecurity labeling program for consumer wireless Internet of Things (IoT) products (IoT Labeling Program). Acknowledging the additional work needed to implement this framework, the Commission delegated authority to the Public Safety and Homeland Security Bureau (PSHSB), in coordination with the Office of the Managing Director (OMD), to seek comments on various items to ensure an efficient and timely rollout of the program.

Comments are due on or before 19 August 2024.

To find out more about product compliance in USA, please contact the Product Compliance Institute directly.