Design Requirements for a Label for IoT Devices

Design Requirements for a Label for IoT Device Cybersecurity (ANSI/CTA-2120)

This document provides the design requirements for an IoT device cybersecurity label such as the US Cyber Trust Mark. The label outlined in this standard is intended to convey information related to cybersecurity compliance with baseline security standards. The label is composed of several layers. The on-package layer (Layer 0) is a binary on-package marking, including a trademark and a mechanism (QR code) to link consumers to more detailed information on Layers 1 and 2.

Layer 1 of the label is intended to present consumer-friendly information supporting the product’s qualification according to assessment criteria. Layer 2 is intended to have a more technical focus, and present information more relevant to a sophisticated consumer user, or perhaps a professional cybersecurity user.

This standard also defines how data fields are to be presented in order to ensure consistent display and a standardized format for communication in the API.