NCCoE Releases Drafts for NIST SP 1800-36, Trusted IoT Onboarding (Vols. B, C, and E)


The National Cybersecurity Center of Excellence (NCCoE) has released the second preliminary drafts of volumes B, C, and E for NIST Special Publication (SP) 1800-36, Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle ManagementThe comment period is open until December 15, 2023.  

About the Project  

Provisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead, trusted, scalable, and automatic mechanisms are needed to safely manage IoT devices throughout their lifecycles, beginning with secure ways to provision devices with their network credentials—a process known as trusted network-layer onboarding. Trusted network-layer onboarding, in combination with additional device security capabilities such as device attestation, application-layer onboarding, secure lifecycle management, and device intent enforcement could improve the security of networks and IoT devices. 

This practice guide aims to demonstrate how organizations can protect both their IoT devices and their networks. The updated drafts of volumes B, C and E describe advancements to the IoT onboarding functional implementations. NCCoE is collaborating with product and service providers to produce example implementations of trusted network-layer onboarding and capabilities that improve device and network security throughout the IoT-device lifecycle to achieve this.  

Submit Your Comments  

The public comment period for draft vols. B, C, and E is open until 11:59 p.m. EST on Friday, December 15, 2023. The second preliminary drafts of vols. A and D released last month are also available for comment until 11:59 p.m. EST on November 10, 2023.  

Visit the NCCoE IoT Onboarding project page for copies of the draft publications and the comment form. 

 Join the Community of Interest 

If you have expertise in IoT and/or network security and would like to help shape this project, please consider joining the IoT Onboarding Community of Interest. You can sign-up to become a COI member via our project page

 Attend the Virtual Event 

We invite you to attend our public webinar this Wednesday, November 1, 2023, from 10:00 a.m. to 11:30 a.m. EDT, to learn more about Draft NIST SP 1800-36! This event was rescheduled from September 27, 2023.  

Visit the event page for details and registration here.