Export Compliance Daily is a Warren News publication.

CTIA: Industry Needs Clarity on Parts of Cyber Mark Program

The record reflects consensus on the need for federal funding for consumer education that will make the FCC’s voluntary cyber trust mark program a success, CTIA told the FCC in reply comments posted Wednesday in docket 23-239. Other aspects of…

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

the program require “further consideration and clarification,” CTIA said: “In particular, the Bureau should reduce uncertainty about the role of [cybersecurity labeling administrators] and minimize the burdens that will be placed on CLAs.” FCC commissioners approved 5-0 in March a voluntary cyber-mark program while adopting a Further NPRM seeking comment on some details (see 2403140034). Reply comments were due Tuesday. Initial comments last month urged the regulator to proceed cautiously when crafting rules for the CLAs and for the lead administrator, who will oversee an IoT product registry under the program (see 2408200037). The Electronic Privacy Information Center stressed the importance of a fair and transparent process in selecting CLAs. “We support the [Public Safety] Bureau’s proposals that the standards, testing criteria, and label design be stakeholder consensus-based, but urge that the relevant stakeholder entities should include representatives from consumer advocacy groups and not merely … representatives from industry groups,” EPIC said. The American Association for Laboratory Accreditation called on the FCC to accept and conditionally approve CLA applicants provided they meet the requirements standard 17065 from the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). “The principles of ISO/IEC 17065 ensure the technical competence in undertaking the scope of work; the need for resources to fulfill the work is reviewed and satisfied; suitable policies and procedures are established and implemented to undertake the work with integrity; impartiality in practices is maintained and confirmed; and operations are supported with a quality management system,” the group said. Somos said the IoT registry should include sensor data, while protecting consumer privacy. “The IoT registry should include general information about sensor types and their cybersecurity features, without revealing specific personal or sensitive data collected by these sensors,” Somos said: “This approach aims to provide transparency regarding device capabilities and risks while protecting user privacy.”