U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Home IoT Devices Using MUD

Because IoT devices are designed to be low in cost, with limited functionality using constrained hardware, it is not realistic to try to solve the problem of IoT device vulnerability by requiring that all IoT devices be equipped with robust and state-of-the-art security mechanisms. Instead, we are challenged to develop ways to improve IoT device security without requiring costly or complicated improvements to the devices themselves.

A solution for reducing the vulnerability of IoT devices to network-based attacks and the potential for harm from any IoT devices that become compromised

The NCCoE has produced a practice guide to demonstrate the practicality and effectiveness of using the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) standard to strengthen security for IoT devices on home and small-business networks. This guide demonstrates how organizations can use MUD to reduce the vulnerability of IoT devices to network-based threats such as distributed denial of service attacks (DDoS) and mitigate the potential for harm resulting from exploitation of IoT devices. MUD works by enabling networks to automatically permit each IoT device to send and receive only the traffic it requires to perform as intended, while blocking unauthorized communication with the device.
Status: Finalized Guidance

This practice guide shows how IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD and other tools to satisfy IoT users’ security requirements.

Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.

NIST SP 1800-15: Complete Guide (HTML)Web Version NIST SP 1800-15: Complete Guide (HTML)
NIST SP 1800-15: Complete Guide (PDF)Web Version NIST SP 1800-15: Complete Guide (PDF)
NIST SP 1800-15A: Executive SummaryDocument Version NIST SP 1800-15A: Executive Summary
NIST SP 1800-15B: Approach, Architecture, and Security CharacteristicsDocument Version NIST SP 1800-15B: Approach, Architecture, and Security Characteristics
NIST SP 1800-15C: How-To GuidesDocument Version NIST SP 1800-15C: How-To Guides
NIST SP 1800-15D: Functional Demonstration ResultsDocument Version NIST SP 1800-15D: Functional Demonstration Results

Project Abstract

The goal of the Internet Engineering Task Force’s MUD specification is for IoT devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires to perform its intended function.

When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks.

In this project, the NCCoE demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can automatically permit the device to send and receive only the traffic it requires to perform its intended function.

When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks. 

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Supplemental Resources

Cybersecurity Paper: Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices
Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices in support of the MUD Specification.  The cybersecurity paper delves into capturing network communications from IoT devices for analysis and generation of MUD files. Learn more about this cybersecurity paper.

Companion Tools
NCCoE created a tool called MUD-PD for characterizing IoT devices particularly for use with MUD. The tool is helpful in generating MUD files and can be accessed here.

MUD-Related Resources 
Find MUD-related resources and information, including standards, tools, implementations, research papers, articles, and conferences here.

Metal arrow pointing upward

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself