October 20, 2021

Volume XI, Number 293

NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software

On September 14 and 15, 2021, the National Institute of Standards and Technology (“NIST”) held a public workshop as part of its effort to create a consumer labeling program to communicate the security capabilities of consumer Internet of Things (“IoT”) devices and software development practices, as mandated by the Biden administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity. NIST, in coordination with the Federal Trade Commission and other agencies, must identify the criteria and components of such a labeling program by February 6, 2022.

In May 2021, NIST released a draft white paper that summarized its review of the currently available confidence mechanisms for the security of consumer IoT devices, and in August 2021, NIST released a draft white paper that detailed draft baseline security criteria for consumer IoT devices. NIST has sought public comments on the draft baseline security criteria, which are due by October 17, 2021. NIST’s workshop touched upon the proposed security criteria and related issues. A variety of stakeholders participated in the workshop, including representatives from government agencies and private industry, as well as academic experts.

NIST will not establish its own labeling program. Instead, it will identify minimum requirements and desirable attributes and outcomes for labeling programs, so that providers and consumers can choose the best labeling solutions for their devices and environments. According to NIST, such labeling programs should:

  • encourage innovation in manufacturers’ IoT security efforts, leaving room for changes in technologies and the security landscape;

  • be practical and not burdensome to manufacturers and distributors;

  • factor in usability as a key consideration;

  • build on national and international experience; and

  • allow for diversity of approaches and solutions across industries, verticals and use cases, provided such approaches are useful and effective for consumers.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved. National Law Review, Volume XI, Number 270

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct