Cybersecurity Labeling for Consumer IoT and Software: Executive Order Update and Discussion

Event Description

This workshop will provide an update on NIST’s activities related to cybersecurity labeling for consumer Internet of Things (IoT) products and consumer software. NIST speakers will review the status of the draft criteria for consumer software labeling, summarize feedback received on the draft baseline security requirements for consumer IoT and solicit feedback on a discussion paper on consumer IoT product labeling. Time will be available for workshop participants to comment and ask questions online.

Advance registration for the no-fee workshop is required. Participants can submit questions online during the sessions and a recording of the workshop is expected to be available after the event.

Additional background:

In May of 2021, Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” charged NIST with undertaking efforts which would encourage voluntary cybersecurity labeling programs. NIST is currently identifying key elements of labeling programs in terms of minimum requirements and desirable attributes (rather than establishing its own programs). NIST will specify desired outcomes, allowing providers and customers to choose best solutions for their devices and environments. One size may not fit all—and multiple solutions might be offered by label providers.

Now available online: 

NIST has published a new discussion draft on Consumer Cybersecurity Labelling for IoT Products: Discussion Draft on the Path Forward (View the Discussion Draft).