How the FCC Cyber Trust Mark Helps to Protect the Smart Home

Tags:

A connected home security system with IoT cameras, motion detectors, and remote monitoring

09 Sep 2025

Strengthening Consumer Confidence in a Connected World

As the number of connected devices in our homes continues to rise, so do the cybersecurity threats that target them. From baby monitors and smart thermostats to smart appliances and locks, the Internet of Things (IoT) landscape is vast and increasingly vulnerable. Consumers have long lacked clarity on what makes a connected product 'secure.' As a voluntary cybersecurity labeling program for consumer IoT products, the Cyber Trust Mark aims to change that.

What Is the FCC Cyber Trust Mark?

The Cyber Trust Mark is a voluntary cybersecurity labeling program for wireless consumer IoT products created by the U.S. Federal Communications Commission (FCC). Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a Cyber Trust Mark. Displayed as an easy-to-recognize logo and QR code, the mark helps consumers make informed purchasing decisions by providing transparency into the security practices of the devices they bring into their homes.

This initiative supports improving national cybersecurity and is informed by best practices developed by the National Institute of Standards and Technology (NIST), especially NISTIR 8425, 8259, 8259A, and 8259B.

Who Can Apply?

Manufacturers of consumer wireless IoT products that connect to the internet will be eligible to apply for the label. The label applies to IoT products, not just the physical device. This includes:

The IoT device itself
Companion mobile apps
Cloud backends or gateways necessary for full functionality

The FCC Cyber Trust Mark will not be available for:

Wired-only IoT devices
Enterprise/industrial IoT
FDA-regulated medical devices
Vehicles and equipment under NHTSA jurisdiction
Equipment from vendors on the FCC’s Covered List or related national security watchlists

Key Stakeholders

The success of the Cyber Trust Mark hinges on collaboration among several stakeholder groups:

Cybersecurity Label Administrators (CLAs): Recognized by the FCC, CLAs are responsible for reviewing applications, verifying conformance to program requirements, and coordinating with approved CyberLABS. All CLAs operate under the same framework and responsibilities. Intertek is one of the approved CLAs for the Cyber Trust Program.
CyberLABS: These accredited testing laboratories perform security evaluations of IoT products based on the FCC’s requirements.
Manufacturers: Companies that produce consumer IoT products are responsible for developing secure-by-design products and submitting them for testing and label approval. They must continue to meet requirements through the product lifecycle.
Consumers: Consumers benefit from the label by being able to identify which products meet government-backed security criteria. The QR code on the label links to a registry with detailed information.

What Are the Requirements?

Products bearing the Cyber Trust Mark must meet minimum cybersecurity capabilities drawn from the NIST IoT core baseline. While the exact requirements are not yet available, they are expected to include:

Unique device identification
Secure default configuration
Data protection (in transit and at rest)
Software update support
Incident detection/logging
Secure remote access and credential management

What is the FCC Label Approval Process?

The approval process involves several steps to ensure that consumer IoT products meet baseline cybersecurity requirements. First, the applicant, typically the manufacturer, must have their eligible product tested by a recognized CyberLAB. Once testing is complete, the applicant submits an application to a CLA, along with the test report and other supporting documents. The CLA then reviews the application package to verify whether the IoT product meets the program’s established requirements. Based on this evaluation, the CLA either approves or denies the application for use of the FCC IoT Label.

Why it Matters?

The FCC Cyber Trust Mark helps consumers choose more secure products and incentivizes manufacturers to invest in better security; the mark aims to raise the cybersecurity baseline of the entire consumer IoT ecosystem.

Wayne Stewart

Vice President, Global IoT & AI, Intertek

With a track record exceeding 20 years in cybersecurity product evaluation, Wayne oversees global IoT cybersecurity strategy across the globe. From consumer tech to critical infrastructure, his expertise spans sectors like medical, industrial, energy, and telecom. Throughout his career, Wayne’s innovative approach to solving tough problems has helped pave the way for advanced cybersecurity testing in the telecom sector, advancements in the payment space, and early adoption of IoT cybersecurity frameworks to solve testing and customer challenges.