Federal & State Lawfederalstatelaw.com
Home/Federal/Federal Register/2024-17482
Rule2024-17482

Cybersecurity Labeling for Internet of Things

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published
August 9, 2024
Effective
August 29, 2024

Issuing agencies

Federal Communications Commission

Abstract

In this document, the Federal Communications Commission (Commission or FCC) announces that the Office of Management and Budget (OMB) has approved, for a period of three years, an information collection associated with rules establishing a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products in the Report and Order and Further Notice of Proposed Rulemaking (IoT Order). This document is consistent with the IoT Order, which stated that the Commission would publish a document in the Federal Register announcing the effective date of those rules.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 154 (Friday, August 9, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 154 (Friday, August 9, 2024)]
[Rules and Regulations]
[Page 65224]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-17482]



[[Page 65224]]

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 8

[PS Docket No. 23-239; FCC 24-26; FR ID 236839]


Cybersecurity Labeling for Internet of Things

AGENCY: Federal Communications Commission.

ACTION: Final rule; announcement of compliance date.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Communications Commission 
(Commission or FCC) announces that the Office of Management and Budget 
(OMB) has approved, for a period of three years, an information 
collection associated with rules establishing a voluntary cybersecurity 
labeling program for wireless consumer Internet of Things, or IoT, 
products in the Report and Order and Further Notice of Proposed 
Rulemaking (IoT Order). This document is consistent with the IoT Order, 
which stated that the Commission would publish a document in the 
Federal Register announcing the effective date of those rules.

DATES: The compliance date for 47 CFR 8.208, 8.209, 8.212, 8.214, 
8.215, 8.217, 8.218, 8.219, 8.220, 8.221, and 8.222, added on July 30, 
2024, at 89 FR 61242, and effective August 29, 2024, is September 9, 
2024.

FOR FURTHER INFORMATION CONTACT: Zoe Li, Cybersecurity and 
Communications Reliability Division, Public Safety and Homeland 
Security Bureau, (202) 418-2490, or by email to <a href="/cdn-cgi/l/email-protection#a8f2c7cd86e4c1e8cecbcb86cfc7de"><span class="__cf_email__" data-cfemail="207a4f450e6c49604643430e474f56">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: This document announces that OMB approved 
the information collection requirements in Sec. Sec.  8.208, 8.209, 
8.212, 8.214, 8.215, 8.217, 8.218, 8.219, 8.220, 8.221, and 8.222 on 
July 30, 2024.
    The Commission publishes this document as an announcement of the 
effective date of the rules. If you have any comments on the burden 
estimates listed below, or how the Commission can improve the 
collections and reduce any burdens caused thereby, please contact 
Nicole Ongele, Federal Communications Commission, 45 L Street NE, 
Washington, DC 20554, regarding OMB Control Number 3060-1328. Please 
include the applicable OMB Control Number in your correspondence. The 
Commission will also accept your comments via email at <a href="/cdn-cgi/l/email-protection#72222033321411115c151d04"><span class="__cf_email__" data-cfemail="68383a29280e0b0b460f071e">[email&#160;protected]</span></a>.
    To request materials in accessible formats for people with 
disabilities (Braille, large print, electronic files, audio format), 
send an email to <a href="/cdn-cgi/l/email-protection#cbada8a8fefbff8bada8a8e5aca4bd"><span class="__cf_email__" data-cfemail="e1878282d4d1d5a1878282cf868e97">[email&#160;protected]</span></a> or call the Consumer and Governmental 
Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).

Synopsis

    As required by the Paperwork Reduction Act of 1995 (44 U.S.C. 
3507), the FCC is notifying the public that it received final OMB 
approval on July 30, 2024, for the information collection requirements 
contained in Sec. Sec.  8.208, 8.209, 8.212, 8.214, 8.215, 8.217, 
8.218, 8.219, 8.220, 8.221, and 8.222. Under 5 CFR part 1320, an agency 
may not conduct or sponsor a collection of information unless it 
displays a current, valid OMB Control Number.
    No person shall be subject to any penalty for failing to comply 
with a collection of information subject to the Paperwork Reduction Act 
that does not display a current, valid OMB Control Number. The 
foregoing notification is required by the Paperwork Reduction Act of 
1995, Public Law 104-13, October 1, 1995, and 44 U.S.C. 3507.
    The total annual reporting burdens and costs for the respondents 
are as follows:
    OMB Control Number: 3060-1328.
    OMB Approval Date: July 30, 2024.
    OMB Expiration Date: July 31, 2027.
    Title: Participation Information Collection for the IoT Labeling 
Program.
    Form Number: N/A.
    Respondents: Business or other for-profit entities, not-for-profit 
institutions.
    Number of Respondents and Responses: 312 respondents; 3,130 
responses.
    Estimated Time per Response: 14 hours.
    Frequency of Response: One-time; On occasion; Recordkeeping and 
Annual reporting requirements.
    Obligation to Respond: Voluntary. Statutory authority for this 
collection is contained in sections 1, 2, 4(i), 4(n), 302, 303(r), 312, 
333, and 503, of the Communications Act of 1934, as amended, 47 U.S.C. 
151, 152, 154(i), 154(n), 302a, 303(r), 312, 333, 503; the IoT 
Cybersecurity Improvement Act of 2020, 15 U.S.C. 278g-3a to 278g-3e.
    Total Annual Burden: 42,700 hours.
    Total Annual Cost: No cost.
    Needs and Uses: The collection will advance the public interest and 
safety because it is the basis for the Commission's IoT Labeling 
Program, which will provide consumers with an easy-to-understand and 
quickly recognizable FCC IoT Label that includes the U.S. government 
certification mark (referred to as the Cyber Trust Mark) that provides 
assurances regarding the baseline cybersecurity of an IoT product, 
together with a QR code that directs consumers to a registry with 
specific information about the product. This collection will help 
consumers make better purchasing decisions, raise consumer confidence 
with regard to the cybersecurity of the IoT products they buy to use in 
their homes and their lives, and encourage manufacturers of IoT 
products to develop products with security-by-design principles in 
mind. In addition, consumers who purchase an IoT product that bears the 
FCC IoT Label can be assured that their product meets the minimum 
cybersecurity standards of the IoT Labeling Program, which in turn will 
strengthen the chain of connected IoT products in their own homes and 
as part of a larger national IoT ecosystem. In addition, the Order 
estimates that the program will save consumers at least $60 million 
annually from reduced time spent researching cybersecurity features of 
potential purchases.

Federal Communications Commission.
Katura Jackson,
Federal Register Liaison Officer, Office of the Secretary.
[FR Doc. 2024-17482 Filed 8-8-24; 8:45 am]
BILLING CODE 6712-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>
View on FederalRegister.gov →Plain-text source
Indexed from Federal Register on August 9, 2024.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.