Following our recent discussion on the Federal Communications Commission’s (FCC) proposed rules for the Cybersecurity Labeling for Internet of Things (IoT) Program, the FCC has made a significant announcement. As of August 9, 2024, the Commission has set September 9, 2024, as the effective date for these rules, transitioning from proposals to actionable regulations.
Recap of the Proposed Rules
In our previous post, we highlighted the FCC’s call for public comments on several key aspects of the IoT Cybersecurity Labeling program, as outlined in document 58312–58323 [2024–15379]. The main focus areas included:
- Application Formats and Fees: The FCC proposed a narrative application format for Cybersecurity Labeling Authorities (CLAs) and the Lead Administrator, along with defined filing fees.
- Selection Criteria: Applicants for CLAs and the Lead Administrator role are required to demonstrate extensive cybersecurity expertise and an understanding of relevant guidelines and laws.
- Expense Sharing and Neutrality: The program suggested mechanisms for sharing expenses among CLAs and emphasized the neutrality of the Lead Administrator to avoid competitive biases.
- Complaint Processes: A structured process was proposed for managing complaints regarding the misuse of the U.S. Cyber Trust Mark.
- Confidentiality and Security: Applications from manufacturers are treated with high confidentiality, and compliance with the Federal Information Security Modernization Act (FISMA) is mandatory.
- IoT Registry: The rules include the creation of a public registry, accessible via QR code, providing detailed information about the cybersecurity features of IoT products.
What’s Next?
With the rules set to be implemented soon, stakeholders including manufacturers, cybersecurity professionals, and consumers are advised to prepare for the changes. The establishment of the IoT Registry and the formal activation of the U.S. Cyber Trust Mark are anticipated to enhance transparency and security in IoT devices significantly.
As these rules take effect, it will be crucial for all involved parties to familiarize themselves with the new requirements and ensure compliance. The FCC’s commitment to cybersecurity through this program marks a pivotal step towards securing IoT devices against increasing cyber threats.
If you would like more information about FCC regulations or if you require a local US Agent, please get in touch with iCertifi, your trusted FCC partner.