U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

IoT Device Characterization

Securing a network is a complex task made all the more challenging when IoT devices are connected to it because the expected communication behaviors of each IoT device are unknown.

An approach for determining and documenting the device types and communication behaviors of IoT devices connected to a network

Draft NIST Internal Report (NISTIR) 8349 demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices, in support of the Manufacturer Usage Description (MUD) project. The MUD specification supports development of MUD files that define expected and permitted network activity and behavior. Accurately generating a MUD file for a networked device requires a comprehensive picture of the device’s potential actions.
Status: Reviewing Comments

The public comment period has closed for draft NISTIR 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices. Thank you to everyone who shared their feedback with us, we are currently reviewing the comments received. If you have questions, please email us at [email protected]

NIST IR 8349 (Draft) Methodology for Characterizing Network Behavior of Internet of Things DevicesWeb Version NIST IR 8349 (Draft) Methodology for Characterizing Network Behavior of Internet of Things Devices

Project Abstract

The goal is to demonstrate how to use device characterization techniques to describe the communication requirements of IoT devices. This publication focuses on the capture of network communications involving IoT devices necessary to generate MUD files. MUD provides a standard way to specify the network communications that a device requires to perform its intended function. The methodology seeks to allow for analysis of the full range of IoT device network traffic behaviors that can reasonably be expected. This includes examining a variety of factors that could potentially alter an IoT device’s behavior at each stage of the device’s lifecycle.

MUD provides a standard way to specify the network communications that a device requires to perform its intended function.

Supplemental Resources

A Companion Tool

NCCoE created a tool called MUD-PD for characterizing IoT devices particularly for use with MUD.

Access the tool
Metal arrow pointing upward

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself