This is a very positive step to providing consumers with "radical transparency" into the cyber risks of IoT devices. DOE is planning to implement a cybersecurity label for smart meters.
The open-source Vendor Response File (VRF) that was gifted by Reliable Energy Analytics (REA) on July 17, 2023 to the IETF Supply Chain Integrity, Transparency and Trust (SCITT) initiative includes a CyberSecLabelURL that provides consumers with a link to a legitimately registered cybersecurity labels within a SCITT "Trust Registry". This capability will be demonstrated during the IETF Hackathon on July 21, using an FDA use case to locate SBOM and Vulnerability Disclosure Reports that may be submitted by a medical device manufacturer, to satisfy section 524B cybersecurity requirements (see slide 8).
A consumer would click the link in the CyberSecLabelURL to view a registered, trustworthy and legitimate cybersecurity label, within a SCITT Trust Registry. You can think of a SCITT Trust Registry like a "Registry of Deeds", it only contains legitimate, trustworthy claims in the registry, including items like SBOM's, Vulnerability Disclosure Reports (VDR) and legitimate Cybersecurity Labels.