IoT Device Network-Layer Onboarding Taxonomy

Download the Cybersecurity Paper

The NCCoE has released the draft version of the cybersecurity paper,  Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management . Use the button below to view this publication.

Download the PDF »

Current Status

We are currently seeking comments for a cybersecurity paper titled Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.  The comment period closes on October 8, 2020.

If you have any questions or would like to join our Community of Interest, please email the project team at mitigating-iot-ddos-nccoe@nist.gov.

Summary

This paper provides background information on trusted IoT device network-layer onboarding and lifecycle management. It defines a taxonomy of onboarding characteristics that will enable stakeholders to have a common language to describe and express their onboarding capabilities and fully capture the elements required to characterize potential onboarding solutions in protocol and product-agnostic terms. It also presents a proposed set of security considerations for network-layer onboarding.

We define network-layer onboarding of an IoT device as the provisioning of network credentials to that device at the time of the device’s deployment on a network.  The trusted aspect of network-layer onboarding indicates that the device is provided with unique network credentials after the device and the network have had the opportunity to authenticate each other and establish an encrypted channel without user knowledge of the credentials, thereby mitigating unauthorized credential disclosure.

The benefits of a using a trusted network-layer onboarding mechanism are that it helps:

  • prevent unauthorized devices from connecting to the network
  • protect devices from being taken over by unauthorized networks

Join Our Community of Interest

Interested in joining the IoT Device Network-Layer Onboarding Taxonomy Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.