AuditXYZ

Compliance Framework

US Cyber Trust Mark Program

The US Cyber Trust Mark is a voluntary IoT security labeling program. This guide covers certification requirements, testing process, eligible product categories, and how the label builds consumer trust.

Issuing Body: Federal Communications Commission (FCC) / National Institute of Standards and Technology (NIST)
First Published: 2024-03-14
Latest Version: 2024
Typical Cost: $10,000–$75,000
Typical Timeline: 2–6 months
Audit Required: Yes
Audit Frequency: Products must be tested and certified by CyberLABs (FCC-recognized accredited labs). Annual reassessment required to maintain the label.
Geography: United States

US Cyber Trust Mark: IoT Security Labeling Guide

The US Cyber Trust Mark is a voluntary cybersecurity labeling program for consumer Internet of Things (IoT) devices, established by the FCC in partnership with NIST. Similar to the Energy Star label for energy efficiency, the Cyber Trust Mark provides consumers with a recognizable shield logo indicating that a connected device meets baseline cybersecurity standards. The program aims to improve IoT security across the consumer market by creating market incentives for manufacturers to build secure products.

What the Cyber Trust Mark Covers

The program's security requirements are based on NIST's criteria for consumer IoT cybersecurity (NIST IR 8425). Products must demonstrate capabilities across several areas: unique device identification, secure default configuration, software and firmware update capability, strong authentication mechanisms, data protection for both stored and transmitted information, physical and logical access controls, vulnerability and incident logging, and support for vulnerability disclosure.

Products bearing the Cyber Trust Mark include a QR code that consumers can scan to access up-to-date security information about the device, including when the manufacturer will stop providing security updates — bringing unprecedented transparency to consumer IoT security.

Who Should Pursue Cyber Trust Mark

The program is aimed at manufacturers of consumer IoT devices, including smart home products (cameras, doorbells, thermostats, speakers), consumer routers, fitness trackers, connected appliances, and other consumer-facing connected devices. While the program is voluntary, major retailers are expected to prioritize Cyber Trust Mark products, creating market pressure for adoption. Products manufactured outside the US can also qualify if they meet the requirements.

Certification Process

Select an FCC-recognized CyberLAB (accredited testing laboratory) to evaluate your product. The lab tests the product against the Cyber Trust Mark criteria and issues a certification report. Submit the certification to the FCC with your application. Upon approval, you receive authorization to display the Cyber Trust Mark shield logo on your product and packaging. Products must be reassessed annually to maintain certification.

Cost Considerations

Certification costs range from $10,000 for simple IoT devices to $75,000 for complex products with multiple communication interfaces and extensive software stacks. Lab testing fees represent the largest cost component. Manufacturers producing multiple product lines should budget per-product certification costs. The business case is driven by retail channel requirements and growing consumer awareness of IoT security risks.
