The Biden administration is considering two new policies to give government, corporate, and individual tech consumers assurance that products are being designed with cybersecurity in mind. During a March 12 background briefing, a senior administration official said that executive actions are coming in the “next couple of weeks” to give security grades to software companies and to add security labels to internet-of-things devices.
The former was described by analogy to New York City posting health inspection grades outside restaurants. The latter may be based on authority found in the Internet of Things Cybersecurity Improvement Act, signed into law in December 2020, but which only extends to federal purchases. A proposal by the Cybersecurity Solarium Commission recommended establishing a new nongovernmental, nonprofit entity called the “National Cybersecurity Certification and Labeling Authority,” but this has not been enacted.
Source:
- Federal Computer Week: White House Tees up Cyber Labeling Policy
