Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

White House sets voluntary security standard for smart home devices

The US wants security standards for smart home devices

Last updated

A new program from the Federal Communications Commission is aimed at helping people identify safe smart home devices by branding them as having met security rules.

The White House has unveiled a cybersecurity certification and labeling initiative. It's designed to help people make informed choices regarding smart devices that prioritize safety and have protection against cyberattacks.

It's called the "US Cyber Trust Mark" program and is led by the FCC. Next, the FCC is anticipated to solicit public feedback on implementing the voluntary cybersecurity labeling program. This program is projected to be operational by 2024.

Under the proposal, the program would rely on collaborative efforts from stakeholders to certify and label products, adhering to cybersecurity criteria outlined by the National Institute of Standards and Technology (NIST). These criteria include robust default passwords, data safeguarding, regular software updates, and effective incident detection capabilities.

  • The FCC will use a QR code linked to a national registry of certified devices that provides security information about smart products.
  • NIST will define cybersecurity rules for consumer routers by the end of 2023.
  • The US Department of Energy is working with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters.
  • The US Department of State will support the FCC to work with other countries and encourage them to work on similar labeling programs.

Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.

However, Apple already has various security measures for its HomeKit standard for smart home devices. For example, HomeKit uses encryption to secure data transmitted between compatible devices.

Apple has not commented on the government's program.



6 Comments

ihatescreennames 19 Years · 1977 comments

I’d like to know what they mean by “data safeguarding”. I’d like to think that means that recordings/transcripts of what I say to a smart speaker can’t be shared with third parties, but that probably isn’t covered.

Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.


I’ve read they do a lot of research into THC at CMU.

jfabula1 2 Years · 173 comments

Oh gee….that’s a good start, hopefully same thing w cocaine carrying devices…..ehehehehe

chasm 10 Years · 3624 comments

I note with interest that the word “privacy” does not appear in these guidelines, so teh “security” part of this doesn’t apply to users, only helping to prevent hacking attacks and malware. Which is better than nothing, but far short of what Apple has been doing since day one of its own smart home devices …

kdupuis77 15 Years · 160 comments

jfabula1 said:
Oh gee….that’s a good start, hopefully same thing w cocaine carrying devices…..ehehehehe

I was just gonna say, maybe the White House should start with their own security standards lol. *Wipes white powder from nostrils..

FileMakerFeller 6 Years · 1561 comments

I’ve read they do a lot of research into THC at CMU.

Ah, you beat me to it! Wish I could upvote this more than once.