Consumer Reports recently provided comments on the development of an updated framework for IoT device cybersecurity to the National Infrastructure and Standards Agency (NIST). The NIST framework is used by the government to set a baseline for cybersecurity when the government purchases connected devices. It also is the backbone that dictates the requirements for obtaining the U.S. Cyber Trust Mark, a voluntary labeling scheme that will deploy to consumers over the next year. The update adds a requirement that companies manufacturing IoT devices have a plan to keep them secure through the lifecycle of the product. CR supports NIST’s updated framework and has provided research and comments to NIST that showcase the importance of maintaining connected products’ security while they are in the field and then communicating when a company stops supporting those products. In our comments we also encourage NIST to consider what data gets collected from these connected devices and how that data is shared and protected.