U.S. Government to Require Cybersecurity Trust Mark (CTM) for IoT Purchases Starting 2027
[June 12, 2025 — Taipei] President Donald J. Trump has signed a new executive order mandating that, starting January 4, 2027, all Internet of Things (IoT) devices procured by U.S. federal agencies must be certified under the Cybersecurity Trust Mark (CTM) program. Originally launched by the Federal Communications Commission (FCC) in 2023, CTM will soon become a mandatory benchmark for national cybersecurity in the public sector.
Reference,Sec 7 (c):
📌 What Is the Cybersecurity Trust Mark?
The CTM is a U.S. cybersecurity labeling initiative for consumer-grade IoT devices. It helps buyers identify products that meet security best practices based on the NIST IR 8425 guidelines.
Key features include:
-
✅ Secure-by-design standards (no default passwords, software updates, vulnerability reporting)
-
✅ Compliance assessed by third-party testing labs
-
✅ Dynamic QR codes linking to real-time product compliance info
📦 What Devices Are Covered?
Initial scope includes:
-
Wireless routers and extenders
-
IP cameras and smart doorbells
-
Smart plugs, lights, and appliances
-
Smart wearables (watches, fitness bands)
The scope may expand to commercial and industrial IoT equipment in the future.
🌐 Global Supply Chain Impact
Once mandatory for U.S. federal procurement, CTM will have ripple effects worldwide:
-
Manufacturers must design security architecture upfront (e.g., secure MCUs, OTA updates)
-
Exporters will need FCC-approved certification labs
-
IoT exporters from Taiwan, China, South Korea, and beyond must plan for compliance to stay competitive
📞 Need CTM Certification Support? Contact THE ONE
At The One, we specialize in IoT cybersecurity Testing Service. Our services include:
-
Regulatory analysis and CTM compliance mapping
-
Lab Testing
-
Continuous updates on NIST/FCC cybersecurity requirements
For further inquiries, please contact:
Email:Charles.liao@theonelab.co
Phone:(02)8601-2828
