NIST Works Toward Security ‘Seal of Approval’ for IoT Devices

The NIST is getting closer to a set of recommendations for an IoT device labeling system. The system is intended to promote IoT cybersecurity, and will essentially stamp consumer devices with a “Seal of Approval” that indicates that they meet certain baseline security standards.

In that regard, the labeling system reflects the Biden Administration’s broader efforts to improve cybersecurity at the federal level. President Biden asked the NIST to deliver a report on potential labeling criteria in his cybersecurity executive order last May, and the agency has until May 12 of this year to follow through on the request. The agency has indicated that the report is in progress, and that its labeling pilot tests will be completed in time to meet the deadline.

The tricky part, according to the agency, will be finding a way to convince device manufacturers to embrace the labeling system. In terms of technology, the report will likely focus on best practices like data protection, access control, and secure firmware patches. However, the US’s current IoT legislation only applies to government-owned devices, so manufacturers are not legally obligated to adhere to any labeling system for devices sold to the general public.

With that in mind, the finished report is also expected to include incentives to encourage private businesses to adopt a labeling scheme. The NIST has published a preliminary white paper on the subject, though the agency is still gathering feedback before making its final recommendations.

The Cyberspace Solarium Commission has also supported the creation of a labeling scheme. The NIST itself would not be responsible for running the final program, but advised that organization to conduct market research to make sure that the labels are actually useful to consumers, since it’s not yet clear how much impact labels have on people’s buying decisions.

The NIST recently closed nominations for an IoT Advisory Board that will be asked to lead IoT policy discussions in the US. The organization is also soliciting public comments as it prepares to release an updated version of its Cybersecurity Framework.

Source: NextGov

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Related News & Articles

Footer

Follow Us