US NIST publishes a discussion paper about cybersecurity labelling for IoT products

The US National Institute of Standards and Technology (NIST) publishes a discussion paper about consumer cybersecurity labelling for IoT products. This document provides an update about NIST’s work in initiating a “pilot” program on cybersecurity labelling for IoT products. According to the document, NIST proposes an approach and key considerations in a consumer IoT product cybersecurity labelling program, including proposed baseline product criteria, labeling, and conformity assessment considerations. In addition, NIST aims to identify key elements of the labelling program in terms of minimum requirements and desirable attributes to specify desired outcomes, allowing providers and customers to choose solutions for their devices and environments. So far, NIST has concluded that multiple variations of labelling approaches likely would cause confusion among consumers and limit the effectiveness of such efforts. Therefore, labelling criteria and the labels themselves are consistent across products and labeling program offerings.