Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Small-Business and Home IoT Devices Using Manufacturer Usage Description: NCCoE Releases Preliminary Draft of SP 1800-15
April 25, 2019

The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary draft practice guide, SP 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD), and is seeking public comments. The popularity of IoT devices is growing rapidly, as are concerns over their security. IoT devices are often vulnerable to malicious actors who can exploit them directly and use them to conduct network-based attacks. 

This guide’s example solution is based on the Internet Engineering Task Force’s (IETF) Manufacturer Usage Description (MUD) Specification and is intended for IoT manufacturers and implementers. However, the guide also demonstrates to IoT device users the crucial role MUD can play in network security.

About MUD

The MUD architecture enables IoT devices to behave only as intended by the manufacturers of these devices. This is done by providing a standard way for manufacturers to indicate the network communications that each device requires to perform its intended function. When MUD is used, the network will automatically permit the IoT device to send and receive only this required traffic. Even if an IoT device is compromised, MUD prevents it from being used in any attack that would require the device to communicate with an unauthorized destination.

We Want to Hear from You

Don’t miss this opportunity to share your expertise with us. For instance:

  • If you are an IoT device manufacturer, have you gained a better understanding of the relatively small steps you can take to design and enable devices you produce to take advantage of MUD? Are there areas in which you would like more guidance?
  • If you are a gateway manufacturer, are you considering implementing support for MUD in your products? Are there areas in which you would like more guidance?
  • If you are a communications service provider, did you find this guide useful in understanding how wide deployment of MUD could help reduce DDoS attacks? Is MUD something that you want to consider deploying across your network and advocating that your customers use?
  • If you are an IoT device user, do you have a better understanding of the role that MUD can play in overall network security? Have you gained a better understanding of the benefits of both deploying the infrastructure required to support MUD and using IoT devices that can take advantage of MUD?
  • Has the guide made you interested in obtaining MUD-capable devices?
  • If you or your organization has implemented the example solution using this guide, what was your experience?

We will use this feedback to help shape the next version of this document.

Submit your comments online or send an email to until June 24, 2019. 


NOTE:  A call for patent claims is included on page v of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Created April 25, 2019, Updated June 22, 2020