On December 5, 2022, the National Cybersecurity Center of Excellence
(NCCoE) released for public comment the preliminary draft of NIST Special
Publication (SP) 1800-36A: Executive Summary, Trusted Internet of Things (IoT) Device Network-Layer
Onboarding and Lifecycle Management. The public comment period
is open until February 3, 2023.
About the Project
Provisioning network credentials to IoT devices in an untrusted
manner leaves networks vulnerable to having unauthorized IoT devices connect to
them. It also leaves IoT devices vulnerable to being taken over by unauthorized
networks. Instead, trusted, scalable, and automatic mechanisms are needed to
safely manage IoT devices throughout their lifecycles, beginning with secure
ways to provision devices with their network credentials—a process known as trusted network-layer onboarding.
Trusted network-layer onboarding, in combination with additional device
security capabilities such as device attestation, application-layer onboarding,
secure lifecycle management, and device intent enforcement could improve the
security of networks and IoT devices.
This draft practice guide aims to demonstrate how organizations
can protect both their IoT devices and their networks. The NCCoE is
collaborating with product and service providers to produce example
implementations of trusted network-layer onboarding and capabilities that
improve device and network security throughout the IoT-device lifecycle to
achieve this.
Submit Your Comments
The public comment period for this draft is open until February 3,
2023. See the publication details for a copy of the
draft publication and comment instructions.