Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8349 (Initial Public Draft)

Methodology for Characterizing Network Behavior of Internet of Things Devices

Date Published: January 11, 2022
Comments Due: February 11, 2022 (public comment period is CLOSED)
Email Questions to: iot-ddos-nccoe@nist.gov

Author(s)

Paul Watrobski (NIST), Murugiah Souppaya (NIST), Joshua Klosterman (MITRE), William Barker (Dakota Consulting)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has prepared Draft NISTIR 8349 for public comment.

Securing a network is a complex task made more challenging when Internet of Things (IoT) devices are connected to it. NISTIR 8349 demonstrates how to use device characterization techniques and the supporting open source tool MUD-PD to describe the communication requirements of IoT devices in support of the Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) project. Manufacturers and network administrators can use the techniques and tools described in the report for capturing network communications from IoT devices, analyzing network captures, and generating MUD files to help ensure IoT devices perform as intended.

Your Input Matters

The NCCoE relies on developers, providers, and users of cybersecurity technology and information to provide input to our cybersecurity reports and guidance to produce useful and technically correct resources. We look forward to receiving your comments on this draft report.

You can also help shape and contribute to this project by joining the loT Community of Interest by sending an email to iot-ddos-nccoe@nist.gov detailing your interest.

 

NOTE: A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

access control; device characterization; Internet of Things (IoT); Manufacturer Usage Description (MUD); network communications
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8349-draft
Download URL

Supplemental Material:
Project homepage

Document History:
04/01/20: CSWP 12 (Draft)
01/11/22: IR 8349 (Draft)
12/05/22: IR 8349 (Final)