As part of its assignment under the Presidential Executive Order on Improving the Nation’s Cybersecurity (14028 issued on May 12, 2021, NIST has released a white paper with draft criteria for a labeling program on cybersecurity capabilities of Internet-of-Things (IoT) devices. This is one part of a multi-faceted initiative under the executive order related to cybersecurity labeling for consumers. NIST is seeking comments on the draft criteria, which suggests a set of potential baseline security criteria for IoT devices.
Comments on the draft white paper are due no later than October 18, 2021. Under the Executive Order, NIST is to publish details about the IoT labeling effort by February 6, 2022.
Comments should be submitted to: labeling-eo [at] nist.gov. Receipt of submissions will be acknowledged via email. All comments will be published on this website. Please submit comments only and include your name and organization’s name (if any) and cite “Draft IoT Device Labeling Criteria.” Personally identifiable information (PII), such as street addresses, phone numbers, account numbers, or Social Security numbers, or names of other individuals, should not be included. Do not submit confidential business information or otherwise sensitive or protected information.
NIST will identify key elements of labeling programs in terms of minimum requirements and desirable attributes – rather than establishing its own programs; it will specify desired outcomes, allowing providers and customers to choose best solutions for their devices and environments. One size may not fit all, and multiple solutions might be offered by label providers.
For questions, contact: labeling-eo [at] nist.gov