SP 1800-15 (Draft)

Securing Small Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

Date Published: September 2020
Comments Due: October 16, 2020
Email Comments to: mitigating-iot-ddos-nccoe@nist.gov

Planning Note (9/16/2020): This is the official public draft

Author(s)

Donna Dodson (NIST), Douglas Montgomery (NIST), W. Polk (NIST), Mudumbai Ranganathan (NIST), Murugiah Souppaya (NIST), Steve Johnson (CableLabs), Ashwini Kadam (CableLabs), Craig Pratt (CableLabs), Darshak Thakore (CableLabs), Mark Walker (CableLabs), Eliot Lear (Cisco), Brian Weis (Cisco), William Barker (Dakota Consulting), Dean Coclin (DigiCert), Avesta Hojjati (DigiCert), Clint Wilson (DigiCert), Tim Jones (ForeScout), Adnan Baykal (Global Cyber Alliance), Drew Cohen (MasterPeace Solutions), Kevin Yeich (MasterPeace Solutions), Yemi Fashina (MITRE), Parisa Grayeli (MITRE), Joshua Harrington (MITRE), Joshua Klosterman (MITRE), Blaine Mulugeta (MITRE), Susan Symington (MITRE), Jaideep Singh (Molex)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has released the final public draft of the NIST Cybersecurity Practice Guide, SP 1800-15, “Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is seeking the public's comments on the contents. This practice guide is intended to show IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD and other tools to satisfy IoT users’ security requirements.

NOTE:  A call for patent claims is included on page iii of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

access control; bootstrapping; botnets; firewall rules; flow rules; Internet of Things; IoT; Manufacturer Usage Description; MUD; network segmentation; onboarding; router; server; software update server; threat signaling; Wi-Fi Easy Connect
Control Families

Access Control; System and Communications Protection