NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (NIST IR) 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices.
About the Report
Characterizing and understanding the expected network behavior of Internet of Things (IoT) devices is essential for cybersecurity. It enables the implementation of appropriate network access controls (e.g., firewall rules or access control lists) to protect the devices and the networks on which they are deployed. This may include limiting a device’s communication to only that which is deemed necessary. It also enables identifying when a device may be misbehaving, a potential sign of compromise. The ability to restrict network communications for IoT devices is critically important, especially given the increased number of these devices.
This publication describes recommended techniques to accurately capture, document, and characterize the entire range of an IoT device’s network behavior across various use cases and conditions. Using this methodology, IoT device manufacturers and developers, network operators and administrators, cloud providers, and researchers can generate files conforming to Manufacturer Usage Description (MUD), which provides a standard way to specify the network communications that an IoT device requires to perform its intended functions.
Contact Us
If you have any questions or would like to join the NCCoE IoT Community of Interest to receive project updates, email: [email protected].
