Email this Article Email   

CHIPS Articles: Ensuring IoT devices function as intended

Ensuring IoT devices function as intended
By CHIPS Magazine - April 26, 2019
The National Cybersecurity Center of Excellence (NCCoE) published a preliminary draft practice guide, SP 1800-15, “Securing Small- Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is seeking the public's comments on the contents.

The increase in IoT devices in homes and businesses is growing rapidly, as are concerns over their security implications. IoT devices are often vulnerable to malicious actors who can exploit them directly and use them to conduct network-based attacks, NIST said in a release. SP 1800-15 describes for IoT product developers and implementers an approach that uses MUD to automatically limit IoT devices to sending and receiving only the traffic that they require to perform their intended functions.

This National Institute of Standards and Technology Cybersecurity Practice Guide explains what consumers should expect from IoT device manufacturers and demonstrates how MUD protocols and tools can reduce the potential for harm from exploited IoT devices. It also shows IoT product and system providers how to integrate and use MUD to satisfy IoT users’ security requirements.

The guide contains three volumes. NIST Special Publication (SP) 1800-15A is an Executive Summary intended to help industry decision makers understand the importance of adopting use of standards-based mitigation of network-based distributed denial of service using MUD protocols. NIST SP 1800-15B, Approach, Architecture, and Security Characteristics, describes for technology and security program managers what we built and how it addresses users’ security requirements. NIST SP 1800-15C, How-To Guides provides instructions to system developers and integrators for building the example solution.

NIST will use feedback to help shape the next version of this document.

NOTE: A call for patent claims is included on page v of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Documentation
Publication: SP 1800-15 (Preliminary Draft)
Supplemental Material: Submit Comments on SP 1800-15 (other) and Project Homepage (other)
Related NIST Publications: White Paper

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer