Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

IoT Product Criteria

As part of its assignment under the Presidential Executive Order on Improving the Nation’s Cybersecurity (14028) issued on May 12, 2021, NIST is responsible for a multi-faceted initiative related to cybersecurity labeling for consumers. That includes labeling for Internet of Things (IoT) products. Under the Executive Order, NIST is to publish details about the IoT labeling effort by February 6, 2022. NIST will identify key elements of IoT labeling programs in terms of minimum requirements and desirable attributes – rather than establishing its own program, it will specify desired outcomes, allowing providers and customers to choose best solutions for their products and environments. One size may not fit all, and multiple solutions might be offered by label providers. 

On August 31, 2021, NIST released a white paper with draft criteria for a labeling program on cybersecurity capabilities of Internet of Things (IoT) devices. NIST sought comments on the draft criteria, which suggested a set of potential baseline security criteria for IoT devices. Comments on the draft white paper were due no later than October 18, 2021. Those comments are available here.

On December 2, 2021, taking public feedback into account, NIST released a further discussion paper: Consumer Cybersecurity Labeling for IoT Products: Discussion Draft on the Path Forward. This paper will be discussed at the upcoming workshop Cybersecurity Labeling for Consumer IoT and Software: Executive Order Update and Discussion - December 9, 2021.

For questions, contact: labeling-eo [at]

Created August 31, 2021, Updated December 2, 2021