Cybersecurity Labeling for Internet of Things

Document Headings Document headings vary by document type but may contain the following: the agency or agencies that issued and signed a document the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to the agency docket number / agency internal file number the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details. Federal Communications Commission 47 CFR Chapter I [PSHSB: PS Docket No. 23-239; FCC 23-65 FR ID 166265] AGENCY: Federal Communications Commission. ACTION: Proposed rule. SUMMARY: In this document, the Federal Communications Commission (Commission) proposes measures to improve consumer confidence and understanding of the security of their connected devices—commonly known as Internet of Things (IoT) devices—that are woven into the fabric of their everyday lives. To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications, the Commission proposes a voluntary cybersecurity labeling program that would provide easily understood, accessible information to consumers on the relative security of an IoT device or product, and assure consumers that manufacturers of devices bearing the Commission's IoT cybersecurity label adhere to widely accepted cybersecurity standards. In this regard, the Commission's cybersecurity labeling program would help consumers compare IoT devices and make informed purchasing decisions, drive consumers toward purchasing devices with greater security, incentivize manufacturers to meet higher cybersecurity standards to meet market demand, and encourage retailers to market secure devices. The proposed IoT label would offer a trusted, government-backed symbol for devices that comply with IoT cybersecurity standards. DATES: Comments are due on or b…