View all text of Subpart B [§ 8.201 - § 8.222]

§ 8.203 - Definitions.

(a) Affiliate. For purposes of this subpart and the IoT labeling program, an affiliate is defined as a person that (directly or indirectly) owns or controls, is owned or controlled by, or is under common ownership or control with, another person. For purposes of this subpart, the term own means to own an equity interest (or the equivalent thereof) of more than 10 percent.

(b) Consumer IoT products. IoT products intended primarily for consumer use, rather than enterprise or industrial use. Consumer IoT products exclude medical devices regulated by the U.S. Food and Drug Administration (FDA) and excludes motor vehicles and motor vehicle equipment regulated by the National Highway Traffic Safety Administration (NHTSA).

(c) Cybersecurity Label Administrator (CLA). An accredited third-party entity that is recognized and authorized by the Commission to manage and administer the labeling program in accordance with the Commission's rules in this subpart.

(d) Cybersecurity Testing Laboratory (CyberLAB). Accredited third-party entities recognized and authorized by a CLA to assess consumer IoT products for compliance with requirements of the labeling program.

(e) Cyber Trust Mark. A visual indicator indicating a consumer IoT product complies with program requirements of the labeling program and the Commission's minimum cybersecurity requirements in this subpart.

(f) FCC IoT Label. A binary label displayable with a consumer IoT product complying with program requirements of the labeling program, the binary label bearing the Cyber Trust Mark, and a scannable QR code that directs consumers to a registry containing further information on the complying consumer IoT product.

(g) Intentional radiator. A device that intentionally generates and emits radiofrequency energy by radiation or induction.

(h) Internet-connected device. A device capable of connecting to the internet and exchanging data with other devices or centralized systems over the internet.

(i) IoT device. (1) An internet-connected device capable of intentionally emitting radiofrequency energy that has at least one transducer (sensor or actuator) for interacting directly with the physical world; coupled with

(2) At least one network interface (e.g., Wi-Fi, Bluetooth) for interfacing with the digital world.

(j) IoT product. An IoT device and any additional product components (e.g., backend, gateway, mobile app) that are necessary to use the IoT device beyond basic operational features, including data communications links to components outside this scope but excluding those external components and any external third-party components that are outside the manufacturer's control.

(k) Labeling program. A voluntary program for consumer IoT products that allows a complying consumer IoT product to display an FCC IoT Label.

(l) Lead Administrator. A CLA selected from among Cybersecurity Label Administrators (CLAs) to be responsible for carrying out additional administrative responsibilities of the labeling program.

(m) Product components. Hardware devices, plus supporting components that generally fall into three main types per NISTIR 8425: specialty networking/gateway hardware (e.g., a hub within the system where the IoT device is used); companion application software (e.g., a mobile app for communicating with the IoT device); and backends (e.g., a cloud service, or multiple services, that may store and/or process data from the IoT device). Should a product component also support other IoT products through alternative features and interfaces, these alternative features and interfaces may, through risk-assessment, be considered as separate from and not part of the IoT product for purposes of authorization.

(n) Registry. Information presented to consumers about consumer IoT products that comply with the program requirements of the labeling program, the registry is publicly accessible through a link from the QR Code of the FCC IoT Label displayed with the complying consumer IoT product, and containing information about the complying consumer IoT product, manufacturer of the complying consumer IoT product, and other information as required by the labeling program.