Existing law requires a manufacturer of a connected device to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and information contained in the device from unauthorized access, destruction, use, modification, or disclosure.
This bill would provide that a manufacturer of a connected device may elect to satisfy the above-described provisions by ensuring the connected device meets or exceeds the baseline product criteria of a labeling scheme that conforms to specified guidance published by the National Institute of Standards and Technology (NIST) for consumer Internet of Things (IoT) products, satisfies a conformity assessment as described by a NIST conforming labeling scheme, as specified, and bears the binary label as described by a NIST conforming labeling scheme.
This bill would also make nonsubstantive changes that remove provisions redundant to the above-described existing provisions.