NIST Workshop on Cybersecurity Labeling Programs for IoT Devices
On September 14-15, 2021, the National Institute of Standards and Technology (“NIST”) hosted a public workshop, as part of its efforts to create a consumer labeling program to communicate Internet security capabilities consumer objects (“IoT”) devices and software development practices, as mandated by the Biden administration’s executive order of May 2021 on improving the nation’s cybersecurity. NIST, in coordination with the Federal Trade Commission and other agencies, is to identify the criteria and components for such a labeling program by February 6, 2022.
In May 2021, NIST released a draft white paper that summarized its review of the trust mechanisms currently available for the security of consumer IoT devices and in August 2021, NIST released a draft white paper that detailed the draft. basic security criteria for consumer IoT devices. NIST has invited public comments on the draft baseline security criteria, which are due by October 17, 2021. The NIST workshop addressed the proposed security criteria and related issues. Various stakeholders participated in the workshop, including representatives of government agencies, private industry and academic experts.
NIST will not establish its own labeling program, but rather will identify minimum requirements and desirable attributes and outcomes for labeling programs, so that suppliers and consumers can choose the best labeling solutions for their devices. and environments. According to NIST, such a labeling program should:
encourage innovation in manufacturers’ IoT security efforts, allowing room for changes in technology and the security landscape;
be practical and non-binding for manufacturers and distributors;
take user-friendliness into account as a key factor;
draw on national and international experience; and
enable a diversity of approaches and solutions across industries, verticals and use cases, provided these approaches are useful and effective for consumers.
Copyright © 2021, Hunton Andrews Kurth LLP. All rights reserved.Revue nationale de droit, volume XI, number 270