Date Published: April 2019
Author(s)
Donna Dodson (NIST), W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting), Eliot Lear (Cisco), Brian Weis (Cisco), Yemi Fashina (MITRE), Parisa Grayeli (MITRE), Joshua Klosterman (MITRE), Blaine Mulugeta (MITRE), Mary Raguso (MITRE), Susan Symington (MITRE), Dean Coclin (DigiCert), Clint Wilson (DigiCert), Tim Jones (ForeScout), Jaideep Singh (Molex), Darshak Thakore (CableLabs), Mark Walker (CableLabs), Drew Cohen (MasterPeace)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has published a preliminary draft practice guide, SP 1800-15, “Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is seeking the public's comments on the contents. The popularity of IoT devices is growing rapidly, as are concerns over their security. IoT devices are often vulnerable to malicious actors who can exploit them directly and use them to conduct network-based attacks. SP 1800-15 describes for IoT product developers and implementers an approach that uses MUD to automatically limit IoT devices to sending and receiving only the traffic that they require to perform their intended functions.
We will use this feedback to help shape the next version of this document.
NOTE: A call for patent claims is included on page v of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
The goal of the Internet Engineering Task Force’s manufacturer usage description (MUD) architecture is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. This is done by providing a standard way for manufacturers to identify each device’s type and to indicate the network communications that it requires to perform its intended function and be resilient to network-based attacks. When MUD is used, the network will automatically permit the IoT device to perform as intended, and the network will prohibit all other device behaviors. The National Cybersecurity Center of Excellence (NCCoE) has demonstrated for IoT product developers and implementers the ability to ensure that when an IoT device connects to a home or small-business network, MUD can be used to automatically permit the device to send and receive only the traffic it requires to perform its intended function.
This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide explains what consumers should expect from IoT device manufacturers and demonstrates how MUD protocols and tools can reduce the potential for harm from exploited IoT devices. It also shows IoT product and system providers how to integrate and use MUD to satisfy IoT users’ security requirements. This guide contains three volumes. NIST Special Publication (SP) 1800-15A is an Executive Summary intended to help industry decision makers understand the importance of adopting standards-based mitigation of network-based distributed denial of service using MUD protocols. NIST SP 1800-15B, Approach, Architecture, and Security Characteristics, describes for technology and security program managers what we built and how it addresses users’ security requirements. NIST SP 1800-15C, How-To Guides, provides instructions to system developers and integrators for building the example solution.
Keywords
botnets; internet of things; IoT; manufacturer usage description; MUD; router; server; software update server; threat signaling
Control Families
Access Control; Configuration Management; Risk Assessment; System and Communications Protection; System and Information Integrity