NCCoE Releases Preliminary Draft Practice Guide for Trusted IoT Onboarding and Lifecycle Management

 The National Cybersecurity Center of Excellence (NCCoE) has
released the preliminary draft of NIST Special Publication (SP) 1800-36A:
Executive Summary,
Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle
The public comment period for the draft is open
until February 3, 2023.

About the Project

Provisioning network credentials to IoT devices in an untrusted
manner leaves networks vulnerable to having unauthorized IoT devices connect to
them. It also leaves IoT devices vulnerable to being taken over by unauthorized
networks. Instead, trusted, scalable, and automatic mechanisms are needed to
safely manage IoT devices throughout their lifecycles, beginning with secure
ways to provision devices with their network credentials—a process known as trusted network-layer onboarding.
Trusted network-layer onboarding, in combination with additional device
security capabilities such as device attestation, application-layer onboarding,
secure lifecycle management, and device intent enforcement could improve the
security of networks and IoT devices.

This draft practice guide aims to demonstrate how organizations
can protect both their IoT devices and their networks. The NCCoE is
collaborating with product and service providers to produce example
implementations of trusted network-layer onboarding and capabilities that
improve device and network security throughout the IoT-device lifecycle to
achieve this.

Submit Your Comments

The public comment period for the draft is open now until February
3, 2023. 
See the publication details for a copy of the draft publication
and comment instructions.