Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

As with any other device, an IoT device needs appropriate credentials in order to connect to a network securely. The process of provisioning these credentials to the device is called network-layer onboarding.

Approaches to trusted network-layer onboarding of IoT devices and lifecycle management of the devices

The NCCoE, in collaboration with industry, is committed to providing actionable cybersecurity solutions to help strengthen the security of IoT devices and their networks through trusted network-layer onboarding and lifecycle management.
Status: Finalized

NIST Special Publication 1800-36, Trusted IoT Device Network-Layer Onboarding and Lifecycle Management, and NIST Cybersecurity White Paper 42, Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding, have been finalized.

NIST CSWP 42: Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding (Final), Web Version
NIST SP 1800-36A: Executive Summary (Final), Document Version
NIST SP 1800-36B: Approach, Architecture, and Security Characteristics (Final), Document Version
NIST SP 1800-36C: How-To Guides (Final), Document Version
NIST SP 1800-36D: Functional Demonstrations (Final), Document Version
NIST SP 1800-36E: Risk and Compliance Management (Final), Document Version
NIST SP 1800-36: Complete Guide PDF (Final), Web Version

Project Abstract

Provisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead, trusted, scalable, and automatic mechanisms are needed to safely manage IoT devices throughout their lifecycles, beginning with secure ways to provision devices with their network credentials—a process known as trusted network-layer onboarding. Trusted network-layer onboarding, in combination with additional device security capabilities such as device attestation, application-layer onboarding, secure lifecycle management, and device intent enforcement, could improve the security of networks and IoT devices.

This practice guide aims to demonstrate how organizations can protect both their IoT devices and their networks. The NCCoE collaborated with product and service providers to produce example implementations of trusted network-layer onboarding and capabilities that improve device and network security throughout the IoT-device lifecycle.


The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them.

Supplemental Resources

NIST Interagency Report 8350: Foundational Concepts in Trusted IoT Device Network-Layer Onboarding  

This document is intended to describe the capabilities, characteristics, and benefits of trusted IoT device network-layer onboarding and explain the important role that onboarding can play in the protection of IoT devices and networks throughout the device lifecycle. By providing a common language that describes and clarifies various onboarding capabilities, this paper assists with discussion, characterization, and development of trusted onboarding solutions. 


Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest


A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 
