CA AB2392

Manufacturers of connected devices may satisfy security requirements by ensuring devices meet or exceed baseline criteria of a National Institute of Standards and Technology (NIST) conforming labeling scheme.

Devices qualifying under the NIST labeling scheme alternative must satisfy a third-party conformity assessment and bear the binary label described by the NIST conforming labeling scheme.

The NIST conforming labeling scheme is defined as any labeling scheme conforming to NIST's "Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products" published February 4, 2022, including revisions or successor publications.

Existing security requirements for connected devices remain in place, including features appropriate to device nature and function, and protection against unauthorized access, destruction, use, modification, or disclosure.

Repeals redundant statutory provisions previously enacted in Chapter 886 of the Statutes of 2018.