kras99 - stock.adobe.com

Feature

Cyber Trust Mark explained: Everything you need to know

The Cyber Trust Mark has been put in place to encourage manufacturers to improve IoT security and provide consumers with more information on the security of their devices.

Rosa Heaton
By
Published: 12 Mar 2025

The Federal Communications Commission approved the U.S. Cyber Trust Mark for IoT devices and offers a way for consumers to be reassured that their IoT devices follow recommended cybersecurity standards.

The average U.S. household uses 21 IoT devices, according to a 2023 Deloitte study. As IoT devices become staples of everyday life, the attack surface will continue to grow, and IoT security will become essential.

The Cyber Trust Mark program is similar to Energy Star, which is a government-backed labeling program that identifies products, appliances and factories with superior energy efficiency. Energy Star measures efficiency by the amount of energy a product or building uses compared with similar items in its category.

With IoT devices being prone to vulnerabilities -- such as weak passwords, lack of security updates and insecure networks -- the Cyber Trust Mark certification could empower consumers to make purchasing decisions while also considering the security of their devices. With the advent of IoT devices in healthcare, healthcare officials are optimistic that the program will provide the necessary cybersecurity assurances for Internet of Medical Things, or IoMT, devices by informing future regulations.

When was the Cyber Trust Mark program created?

Former President Joe Biden's administration first proposed the certification in July 2023. In March 2024, the Federal Communications Commission established the framework for the program, and in January 2025, the program officially launched, with 11 companies designated by the FCC as cybersecurity label administrators (CLAs). These companies will be responsible for the administration of the Cyber Trust Mark. The program is currently voluntary.

How does the Cyber Trust Mark program work?

After independent testing, products, appliances and IoT devices that meet the FCC's regulations will be issued the Cyber Trust Mark logo by independent CLAs. The shield logo will also be accompanied by a QR code, leading consumers to information about the product's security features, how to securely configure the device and security patching -- the process of updating software to address vulnerabilities and safeguard against cybersecurity risks.

Cyber Trust Mark graphic.
Example of the U.S. Cyber Trust Mark label.

By displaying the logo, manufacturers can signify to the public that their product has undergone security testing and meets official regulations from NIST.

During the certification process, manufacturers will submit their products to FCC-approved labs. Any product or device that meets the cybersecurity regulations will be allocated the Cyber Trust Mark logo.

Retailers -- such as Best Buy and Amazon -- will work collaboratively with the program by prioritizing stocking items that display the logo, promoting the logo in their own marketing and collaborating with manufacturers that demonstrate a commitment to the program.

Which products are included in the program?

Connected products that will be incorporated into the program include the following:

  • Baby monitors.
  • Fitness trackers.
  • Garage door openers.
  • Internet-connected security cameras.
  • Smart appliances.
  • Smart speakers.

IoT devices are interrelated devices that exchange information and data over the internet. IoT simplifies day-to-day life and makes everyday tasks more convenient. However, IoT devices are more prone to cyberattacks by hackers who have accessed confidential information shared between products.

By awarding the Cyber Trust Mark to IoT devices that pass the FCC's cybersecurity regulations, the program will give consumers peace of mind that their devices are secure and that their data is safe.

Following are examples of products that are not included in the program:

  • Industrial devices.
  • Medical devices.
  • Motor vehicles.
  • Smartphones.
  • Wired devices.

Reasons for exclusion vary. Products such as medical IoT devices often fall under other regulatory boards. In other cases, the complexity of the products' security requirements are not covered by current Cyber Trust Mark regulations.

The FCC has stated that although the current program focuses on wireless IoT products, the criteria could evolve over time.

What are the criteria for being Cyber Trust Mark certified?

The Cyber Trust Mark program supports the criteria set by NIST. NIST has set the criteria to drive "product-focused outcomes that enable consumers to make informed decisions about purchasing and maintaining these products."

Some of the criteria include the following:

  • Asset identification.
  • Cybersecurity controls.
  • Data protection.
  • Interface access control.
  • Product configuration.
  • Risk and use cases.
  • Software updates.

How does the Cyber Trust Mark benefit consumers?

The Cyber Trust Mark offers consumers a simple way to identify smart devices and products that have been tested and meet security standards. It assures consumers that the products they bring into their homes and use daily are secure. The label also features a QR code that directs consumers to valuable security information they might not have easily accessed otherwise.

Rosa Heaton is a content manager for the Learning Content group at Informa TechTarget.

Dig Deeper on Compliance, risk and governance