Smart Device Label Program Must Have Room to Evolve: CTA
CTA offered its updated take on the FCC’s proposed cybersecurity labeling program for smart devices, in reply comments posted Tuesday in docket 23-239. Most replies were posted Monday (see 2311130034). CTA and other groups said last week the program should…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
be voluntary and based on existing National Institute of Standards and Technology (NIST) guidance (see 2311090033). “The task now falls to the Commission to establish this Program to support efficient procedures for use of the Mark, apply rules consistently and equitably across program participants, and enable the Program to evolve over time,” CTA said. The group called on the FCC to “embrace opportunities to minimize administrative burdens and other participation costs while promoting public trust in the Mark.” The commission “must establish a process for self-attestation, streamline the review and renewal process for devices bearing the Mark, and leverage modern industry practices like e-labeling and other technology solutions,” CTA said. NCTA said most comments agree with its arguments that “the Program’s benefits and ultimate success are more likely to be realized if the technical security criteria for the Cyber Trust Mark are based on existing guidance that NIST has developed through robust engagement with diverse technology and security experts.” Building the program on “NIST’s already-established definition of ‘IoT device’ would maintain a consistent federal approach to IoT security baseline requirements, while also providing a clear vehicle for the Commission to identify and address updates over time,” NCTA said. The Connectivity Standards Alliance noted commenters disagreed on definitions and whether the FCC should certify IoT products or devices. The comments supporting certification of products “for the most part fail to squarely address or recommend a currently available framework for meeting the challenges associated with that approach,” the Alliance said: “The Alliance reiterates its recommendation to launch the Program with an immediately implementable focus on consumer IoT devices, and build from there.”