The agency took D-Link to court back in 2017 over the security of its routers and IP cameras. FTC says the company failed to address preventable security flaws, such as storing passwords on its app in plain text and using hard-coded login credentials for its devices with easy-to-guess usernames and passwords. The court dismissed those claims once, because the FTC didn’t submit enough proof to substantiate them.

While the agency was clearly able to resurrect the lawsuit, D-Link says that court didn’t find it liable for any alleged violation in the end. The court also came to the decision that D-Link didn’t engage in any deceptive marketing statements or practices. Plus, the company says that it will merely continue “its current comprehensive software security program” as part of the terms of settlement.

Finally, D-Link is also required to undergo third-party assessments of its software security program for 10 years. The FTC has to approve the third-party assessor D-Link chooses, and it requires specific evidence to ensure its findings are impartial and accurate.