This practice guide shows how IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD and other tools to satisfy IoT users’ security requirements.
Securing Home IoT Devices Using MUD
Because IoT devices are designed to be low in cost, with limited functionality using constrained hardware, it is not realistic to try to solve the problem of IoT device vulnerability by requiring that all IoT devices be equipped with robust and state-of-the-art security mechanisms. Instead, we are challenged to develop ways to improve IoT device security without requiring costly or complicated improvements to the devices themselves.
A solution for reducing the vulnerability of IoT devices to network-based attacks and the potential for harm from any IoT devices that become compromised
Project Abstract
The goal of the Internet Engineering Task Force’s MUD specification is for IoT devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires to perform its intended function.
When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks.
In this project, the NCCoE demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can automatically permit the device to send and receive only the traffic it requires to perform its intended function.
When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks.
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
Supplemental Resources
Cybersecurity Paper: Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices
Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices in support of the MUD Specification. The cybersecurity paper delves into capturing network communications from IoT devices for analysis and generation of MUD files. Learn more about this cybersecurity paper.
Companion Tools
NCCoE created a tool called MUD-PD for characterizing IoT devices particularly for use with MUD. The tool is helpful in generating MUD files and can be accessed here.
MUD-Related Resources
Find MUD-related resources and information, including standards, tools, implementations, research papers, articles, and conferences here.

Join the Community of Interest

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.