Need a disclaimer for 3rd party apps that are not under the manufacturer's control, like smart TV streaming apps.

[mbergman42]

Third party apps like Netflix appear to be “not under TV manufacturer control” but a consumer disclaimer is recommended. CTA WG was considering updating language in CTA docs. In the 90-Day, should verify that there is a recommendation to alert consumers that the smart TV cyber certification does not extend to apps via preload or via Stores.

[ljcamp]

Should it include apps that can not be deleted by the consumer? This is likely a meaningful distinction for the consumer.

[mbergman42]

I'd say, probably that's a different category. The disclaimer concept here is not specific to individual apps. This issue arises from the Order's attempt to make all elements of the IoT Product "in-scope". But (e.g.) a smart TV player streaming app like (e.g.) the Netflix app isn't under the manufacturer's control. The Bureau has said that these types of apps can be considered out of scope, but asked if some kind of disclaimer that they were not covered by the cybersecurity mark would be appropriate.

So this is conceptually something like,
"This product is certified under the U.S. Cyber Trust Mark for meeting security standards established by the National Institute of Standards and Technology. However, some applications loaded or available to load on this product may not be covered by this cybersecurity certification. Contact the provider of the application for more information."