White House launches cybersecurity label program for consumers
The White House announced Tuesday the official launch of the U.S. Cyber Trust Mark, a cybersecurity labeling initiative aimed at enhancing the security of internet-connected devices.
The initiative tackles rising consumer concerns about the security vulnerabilities of “smart” devices essential to modern homes. As households become more dependent on interconnected gadgets — with a 2023 Deloitte study revealing that the average U.S. household has 21 connected devices — the threat of cyberattacks becomes increasingly significant. These threats include hackers gaining unauthorized access to home security systems and illicit recordings through unsecured cameras.
The Cyber Trust Mark aims to reassure users by offering clear security evaluations of the products they use every day.
“Consumers don’t have the confidence that they can connect a device at home and know that their private pictures and communications will be secure,” Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, told reporters Tuesday. “So this program takes on that problem in a bipartisan and voluntary way.”
This development comes after an 18-month public notice and comment period, marked by a bipartisan and unanimous decision from the Federal Communications Commission (FCC) to authorize the program and establish official guidelines, including a distinct shield logo for certified products.
The U.S. Cyber Trust Mark draws parallels to the EnergyStar label, which successfully incentivized manufacturers and informed consumers about energy-efficient products. Similarly, this cybersecurity label seeks to guide consumer choices, while prompting manufacturers to rigorously test and certify their products against criteria dictated by the U.S. National Institute of Standards and Technology.
In December 2024, the FCC provisionally accredited 11 companies as Cybersecurity Label Administrators, with UL Solutions conditionally named as the lead administrator. Additionally, major electronics, appliance, and consumer product manufacturers and sellers, like Best Buy and Amazon, will also participate in the program.
“We see great potential in the U.S. Cyber Trust Mark program, said Michael Dolan, a senior director at Best Buy. “It is a positive step forward for consumers and we are excited about the opportunity to highlight this program for our customers.”
While the program is initially focused on consumer products, Neuberger explained Tuesday that the next phase will involve standards for enterprise devices like small office and home office (SOHO) routers and smart meters. NIST is working on the security standards for these enterprise devices, as they have been targets of abuse. The program will then expand the program to cover enterprise equipment to create a more secure environment for businesses and organizations.
Neuberger also said a forthcoming executive action will require the government to purchase only Cyber Trust Mark-labeled devices beginning in 2027.
At its core, the U.S. Cyber Trust Mark reflects a collaborative model between the government and the private sector. It is designed to incentivize companies to align with established security standards while providing consumers with an easy-to-recognize assurance of safety in their digital products. As the program rolls out in 2025, manufacturers will have the opportunity to submit their products for certification, and consumers will be encouraged to seek out products bearing the Trust Mark label.
“The Cyber Trust Mark program is really a creative example of this public-private partnership, connecting American consumers who want to feel safe when they buy connected devices like smart TVs, fitness trackers, security cameras, smart kitchen appliances and baby monitors with companies who need more incentives to build cybersecurity into their products, and the U.S. government and our goal of giving American consumers an easy way to buy cyber secure products and to feel that their products are safe and secure,” Neuberger said.
