FCC Looking for New Cyber Trust Mark Administrator

WASHINGTON, Jan. 7, 2025 – The Federal Communications Commission is looking for a new administrator for its Cyber Trust Mark program, the agency said Wednesday.

The agency had paused the program in June, citing concerns the testing company previously selected, UL Solutions, was part of a joint venture with a Chinese firm and testing locations based in the country. UL Solutions formally stepped down on Dec. 19.

“We appreciate our ongoing discussions with the FCC about the future direction of the Lead Administrator role and the Program,” Chanté Maurio, the company’s general manager of identity management and security, wrote in a letter to the agency. “Having now delivered many of the foundational elements of the Lead Administrator role and given other considerations, we respectfully submit our notice of withdrawal as Lead Administrator effective as of the date of this letter.”

The window for entities to submit an application to take the lead administrator spot will be open until Jan. 28, the FCC said in a public notice Wednesday.

The program was started during the Biden administration in an effort to incentivize companies to build cybersecurity capabilities into their internet-connected devices. It’s set to be voluntary, and companies looking to display the mark would have to show lab tests confirming a given product complies with cybersecurity standards set out by the National Institute of Standards and Technology. 

The initiative hasn’t been fully implemented, as the FCC opened a probe into UL Solutions in June over its ties to China.

The agency has approved 11 labs to do testing for the program, and they would be managed by the new lead administrator.

Asked about the program at the agency’s November meeting, FCC Chairman Brendan Carr said: “As a general matter, I think if you’re going to have a U.S. Cyber Trust Mark Administrator, it has to be pretty clean in terms of concerns about ties back into China.”

FCC Commissioner Anna Gomez, the lone Democratic commissioner, said at the same meeting that she was skeptical of the need to put the program on pause and hoped the agency would restart it.

“We supposedly paused the cyber trust mark implementation because of concerns about United Laboratories’ ties in China,” she said. “I think that is imminently mitigable, and I don’t understand how we couldn’t have come up with that in a nanosecond.”

Also at the November meeting, the agency voted 2-1 on party lines to repeal a cybersecurity order implemented in 2024 under then-Chairwoman Jessica Rosenworcel after the Salt Typhoon hacks of major U.S. telecom providers. The order interpreted federal wiretapping laws to require telecom companies to secure their networks against cyberattacks. 

Carr said the order was “neither lawful nor effective” and that the agency has instead reached deals with the major carriers to “make extensive, coordinated efforts to harden their networks against a range of cyber intrusions.”