Date Published: November 2019
Author(s)
Donna Dodson (NIST), W. Polk (NIST), Mudumbai Ranganathan (NIST), Murugiah Souppaya (NIST), Darshak Thakore (CableLabs), Mark Walker (CableLabs), Eliot Lear (Cisco), Brian Weis (Cisco), William Barker (Dakota Consulting), Dean Coclin (DigiCert), Clint Wilson (DigiCert), Tim Jones (ForeScout), Adnan Baykal (Global Cyber Alliance), Drew Cohen (MasterPeace Solutions), Kevin Yeich (MasterPeace Solutions), Yemi Fashina (MITRE), Parisa Grayeli (MITRE), Joshua Harrington (MITRE), Joshua Klosterman (MITRE), Blaine Mulugeta (MITRE), Susan Symington (MITRE), Jaideep Singh (Molex)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has published a second preliminary draft practice guide, SP 1800-15, “Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is seeking the public's comments on its contents. The popularity of IoT devices is growing rapidly, as are concerns over their security. IoT devices are often vulnerable to malicious actors, who can exploit them directly and use them to conduct network-based attacks. SP 1800-15 describes, for IoT product developers and implementers, an approach that uses MUD to automatically limit IoT devices to sending and receiving only the traffic they require to perform their intended functions.
We will use this feedback to help shape the next version of this document.
NOTE: A call for patent claims is included on page iv of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
The goal of the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. This is done by providing a standard way for manufacturers to indicate the network communications that a device requires to perform its intended function. When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks. In this project, the NCCoE has demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can be used to automatically permit the device to send and receive only the traffic it requires to perform its intended function. This NIST Cybersecurity Practice Guide explains how MUD protocols and tools can reduce the vulnerability of IoT devices to botnets and other network-based threats as well as reduce the potential for harm from exploited IoT devices. It also shows IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD to satisfy IoT users’ security requirements.
Keywords
botnets; Internet of Things; IoT; Manufacturer Usage Description; MUD; router; server; software update server; threat signaling
Control Families
Access Control; System and Communications Protection