Who approves a scheme? - The FCC, through the LA and Bureau, will authorize schemes. These will typically be held by CLAs, but that’s not a requirement. Details of this are unknown and will need to be decided during the 90 day stakeholder process

[mbergman42]

Re this topic, paragraph 104 in the Order is as follows:

104. We further determine that, given the existing work in this space, the Commission should not undertake the initial development of the standards that underpin the NIST Core Baseline. Rather, as discussed in paragraph 56 above, we direct the Lead Administrator to undertake this task, and delegate authority to the Bureau to review and approve the consumer IoT cybersecurity standards and testing procedures that have been identified and/or developed by the Lead Administrator (after any appropriate public comment) that ensures the product to which a manufacturer seeks to affix the FCC IoT Label conforms to the NIST criteria. NIST’s IoT Product Component Requirements Essay provides a summary of standards and guidance that NIST has initially identified as applicable to IoT devices and IoT product components, that the Lead Administrator may determine are applicable to the IoT Labeling Program.333 Moreover, the Lead Administrator may also determine existing standards or schemes that exist in the market already may be readily adaptable and leverage such work to meet the terms of the program.