Understanding the US Cyber Trust Mark

Mar 3, 2025 | Cyber resilience act, news

The United States is set to launch the US Cyber Trust Mark in 2025, a groundbreaking voluntary initiative aimed at enhancing the cybersecurity of wireless consumer IoT products sold in the U.S. market. This program marks a significant step in creating safer digital ecosystems by promoting transparency, security, and trust in smart devices.

As mentioned in our previous article, a CyberSafe Products Action Plan builds on existing cybersecurity frameworks. In the EU we have the Cyber Resilience Act (CRA) that establishes security requirements for digital products, while in the U.S. there is the Cyber Trust Mark Program. Let`s dive deeper to understand better this trust mark.

What is the US Cyber Trust Mark?

The US Cyber Trust Mark is a cybersecurity labeling program introduced by the Federal Communications Commission (FCC). Its goal is to help consumers identify IoT products that meet recognized cybersecurity standards, empowering them to make informed decisions about the devices they bring into their homes.

The program is designed to enhance the security of wireless consumer IoT products sold in the United States. The program applies to a wide range of devices, including smart home appliances, wearable technologies, and other connected products, ensuring comprehensive coverage of the consumer IoT market.

Participation in the initiative is voluntary, allowing manufacturers to demonstrate their commitment to cybersecurity by meeting established standards. With the program’s expected launch in 2025, businesses have time to align their products with the framework and prepare for compliance, showcasing their dedication to delivering secure and trustworthy technologies.

How Does the U.S. Cyber Trust Mark Work?

The program involves Cybersecurity Label Administrators (CLAs)– organizations authorized to assess IoT products for compliance with security standards. In December 2024, the FCC announced the conditional approval of 11 companies as CLAs, with UL Solutions selected as the Lead Administrator. These administrators will evaluate product applications, authorize the use of the label, and support consumer education.

Participating devices will feature a certification label with a shield logo and a QR code, allowing consumers to scan for detailed security information, including support periods, automatic software updates, and security patch details.

Bureau Veritas (7layers), a partner in the CRACoWi Project, is one of the organizations that can conduct these cybersecurity assessments under the U.S. Cyber Trust Mark framework through authorization as Lab for CSA-PSWG, CTIA IoT-Cyber and ioXt. With its expertise in testing, certification, and regulatory compliance, Bureau Veritas helps businesses navigate the certification process efficiently, ensuring they meet the necessary security requirements.

Global Streamlining

In a joint statement, the European Union (EU) and U.S. have emphasized their commitment to mutual recognition of cybersecurity standards, including the US Cyber Trust Mark and the EU’s Cyber Resilience Act (CRA). This alignment seeks to streamline compliance for global manufacturers, ensuring that IoT products meet shared security expectations across both markets. Read also our article on Transatlantic Cooperation for Cybersecurity and a Safer Future for IoT Products

Except initiatives introduced by national authorities, we can see some good examples of projects, like the CRACoWi Project, that play a vital role in improving cybersecurity awareness and resilience in IoT devices. By highlighting initiatives like the U.S. Cyber Trust Mark, CRACoWi helps manufacturers navigate global cybersecurity requirements and align with emerging standards.

The launch of the U.S. Cyber Trust Mark is a critical step toward securing the digital world. By adopting voluntary cybersecurity certifications, manufacturers can demonstrate their commitment to security and innovation, while consumers gain greater confidence in IoT technologies.

💡 Stay Connected:

CRACoWi Project Officially Kicks Off in Athens

Oct 3, 2024 | events

Athens – The CRACoWi project officially launched with a two-day event – Kick-off Meeting and press conference – in Athens, organized by ITML, the project coordinator. Funded under the Digital Europe Program (DEP)and supported by the European Cybersecurity Competence Centre, the project unites 14 partners from 4 EU countries – Greece, Germany, Slovenia, and Cyprus– to develop essential tools for cybersecurity compliance and certification in the digital market.

CRACoWi (Cyber Resilience Act – Compliance Wizard) aims to create a digital tool (Compliance Wizard) that helps SMEs, manufacturers, and distributors comply with the EU’s Cyber Resilience Act. By automating compliance assessments, generating necessary documentation, and supporting cybersecurity certification, CRACoWi ensures businesses can easily meet new cybersecurity standards throughout the product lifecycle.

The project began on September 1st, 2024, and will run for 36 months, focusing on simplifying cybersecurity compliance for businesses.

On September 30th, the first day of the kick-off conference, partners presented their work packages, deliverables, and project objectives. Attendees also received insights from the EU Project Officer, who shared best practices for implementing Digital Europe Program projects and aligning CRACoWi with EU cybersecurity objectives.

On October 1st, the second day of the conference, presentations featured complementary projects and initiatives, focusing on shared goals and collaboration across the cybersecurity ecosystem. Highlights included:

  • A detailed overview of the Cyber Resilience Act and the Radio Equipment Directive (RED), providing insights into how RED’s implementation informed the CRA.
  • Presentations from related projects such as SENTINEL, CYberSynchrony, and UNDERPIN, emphasizing synergies with CRACoWi in addressing common cybersecurity challenges.
  • A live demonstration of BUNKAI and an overview of the CYRENE project, illustrating hands-on approaches to cybersecurity tool development.

This is just the beginning of our journey toward making Europe’s digital market more secure! Stay tuned for more updates as we continue to push the boundaries of cybersecurity and compliance.

Follow CRACoWi!Stay updated on the CRACoWi project by following us on:

LinkedIn: https://www.linkedin.com/company/cracowi

X (formerly Twitter): https://x.com/CRACoWiProject