At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.

NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.

Continue Reading Securing IoT Devices (Part 2): Inside the NIST Guidance Document for IoT Device Manufacturers

On October 24, the FCC Laboratory published a number of new and updated documents through its Knowledge Database (“KDB”) that liberalize further the equipment authorization process for a number of product types, including Software Defined Radios (“SDRs”).  That same day, the Lab released numerous other KDB publications providing guidance regarding both its RF exposure test procedures applicable to cellphones, smartphones, laptops, tablets, and other categories of devices, and the Commission’s “Permit But Ask” (“PBA”) procedures, which enable telecommunications certification bodies (“TCBs”) to test equipment for compliance with RF emissions limits even though the Commission has issued only partial guidance or where a certain amount of FCC oversight is still considered necessary.  Together, these changes are designed to allow a broader range of consumer devices subject to equipment authorization requirements prior to their being offered for sale, imported, or otherwise marketed to reach the marketplace quickly by allowing importers, manufacturers, and service providers to get them certificated more rapidly than in the past through the TCB process.

This wave of KDB publications, which are effective immediately subject to certain conditions in some cases, comes only one week after the FCC announced that a draft Notice of Proposed Rulemaking (“NPRM”) is on circulation among the Commissioners that would consider (a) codification of and refinements to the FCC’s permit-but-ask (“PBA”) procedure, (b) further articulating the post-grant obligations of TCBs, (c) requiring labs that manufacturers and importers use to test radiofrequency equipment to be accredited, and (d) officially recognizing the latest industry testing standards.  The text of the NPRM is not yet available and it is uncertain when the Commission will adopt the NPRM, which it is expected to do.

Continue Reading FCC Lab Offers Major New Guidance on Equipment Authorization and RF Exposure Evaluation Procedures and Announces Notice of Proposed Rulemaking on Circulation at the Commission