Technology groups urge NIST to distinguish between ‘criteria’ and ‘requirements’ in IoT cyber labeling effort

Two major technology associations are asking NIST to make a clear distinction on how criteria for a consumer Internet of Things cybersecurity labeling pilot will be used in practice, and to avoid setting up a regime with requirements for industry when submitting its final baseline deliverable to the White House in February.

The National Institute of Standards and Technology is tasked with developing criteria under a May cybersecurity executive order that could be used for two consumer cybersecurity labeling pilots...