U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 1800-15 (Draft)

Securing Small Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) (Preliminary Draft)

Date Published: April 2019
Comments Due: June 24, 2019 (public comment period is CLOSED)
Email Questions to: mitigating-iot-ddos-nccoe@nist.gov


Donna Dodson (NIST), W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting), Eliot Lear (Cisco), Brian Weis (Cisco), Yemi Fashina (MITRE), Parisa Grayeli (MITRE), Joshua Klosterman (MITRE), Blaine Mulugeta (MITRE), Mary Raguso (MITRE), Susan Symington (MITRE), Dean Coclin (DigiCert), Clint Wilson (DigiCert), Tim Jones (ForeScout), Jaideep Singh (Molex), Darshak Thakore (CableLabs), Mark Walker (CableLabs), Drew Cohen (MasterPeace)


The National Cybersecurity Center of Excellence (NCCoE) has published a preliminary draft practice guide, SP 1800-15, “Securing Small- Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is seeking the public's comments on the contents. The popularity of IoT devices is growing rapidly, as are concerns over their security. IoT devices are often vulnerable to malicious actors who can exploit them directly and use them to conduct network-based attacks. SP 1800-15 describes for IoT product developers and implementers an approach that uses MUD to automatically limit IoT devices to sending and receiving only the traffic that they require to perform their intended functions.

We will use this feedback to help shape the next version of this document.

NOTE:  A call for patent claims is included on page v of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



botnets; internet of things; IoT; manufacturer usage description; MUD; router; server; software update server; threat signaling
Control Families

Access Control; Configuration Management; Risk Assessment; System and Communications Protection; System and Information Integrity


Prelim. Draft SP 1800-15

Supplemental Material:
Project homepage (web)

Document History:
04/24/19: SP 1800-15 (Draft)
11/21/19: SP 1800-15 (Draft)
09/16/20: SP 1800-15 (Draft)
05/26/21: SP 1800-15 (Final)