Appendix A List of Acronyms

AAA

Authentication, Authorization, and Accounting

ACE

Access Control Entry

ACK

Acknowledgment

ACL

Access Control List

API

Application Programming Interface

CMS

Cryptographic Message Syntax

COA

Change of Authorization

CoAP

Constrained Application Protocol

CRADA

Cooperative Research and Development Agreement

DACL

Dynamic Access Control List

DB

Database

DDoS

Distributed Denial of Service

Devkit

Development Kit

DHCP

Dynamic Host Configuration Protocol

DNS

Domain Name System

FIPS

Federal Information Processing Standard

GCA

Global Cyber Alliance

GUI

Graphical User Interface

http

Hypertext Transfer Protocol

https

Hypertext Transfer Protocol Secure

IETF

Internet Engineering Task Force

IOS

Cisco’s Internetwork Operating System

IoT

Internet of Things

IP

Internet Protocol

IPv4

Internet Protocol Version 4

IPv6

Internet Protocol Version 6

IT

Information Technology

ITL

NIST’s Information Technology Laboratory

JSON

JavaScript Object Notation

LAN

Local Area Network

LDAP

Lightweight Directory Access Protocol

LED

Light-Emitting Diode

LLDP

Link Layer Discovery Protocol (Institute of Electrical and Electronics Engineers 802.1AB)

MAB

MAC Authentication Bypass

MAC

Media Access Control

MQTT

Message Queuing Telemetry Transport

MUD

Manufacturer Usage Description

NAS

Network Access Server

NAT

Network Address Translation

NCCoE

National Cybersecurity Center of Excellence

NIST

National Institute of Standards and Technology

NTP

Network Time Protocol

OS

Operating System

PC

Personal Computer

PoE

Power over Ethernet

RADIUS

Remote Authentication Dial-In User Service

REST

Representational State Transfer

RFC

Request for Comments

RMF

Risk Management Framework

SDN

Software-Defined Networking

SNMP

Simple Network Management Protocol

SP

Special Publication

SSL

Secure Sockets Layer

TCP

Transmission Control Protocol

TCP/IP

Transmission Control Protocol/Internet Protocol

TEAP

Tunnel Extensible Authentication Protocol

TFTP

Trivial File Transfer Protocol

TLS

Transport Layer Security

TLV

Type Length Value

UDP

User Datagram Protocol

UI

User Interface

URL

Uniform Resource Locator

VLAN

Virtual Local Area Network

WAN

Wide Area Network

WPA2

Wi-Fi Protected Access 2 Security Certificate Protocol (IEEE 802.11i-2004 standard)

WPA3

Wi-Fi Protected Access 3 Security Certificate Protocol

YANG

Yet Another Next Generation

Appendix B Glossary

Audit

Independent review and examination of records and activities to assess the adequacy of system controls to ensure compliance with established policies and operational procedures (National Institute of Standards and Technology [NIST] Special Publication [SP] 800-12 Rev. 1)

Best Practice

A procedure that has been shown by research and experience to produce optimal results and that is established or proposed as a standard suitable for widespread adoption (Merriam-Webster)

Botnet

The word “botnet” is formed from the words “robot” and “network.” Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer, and organise all of the infected machines into a network of “bots” that the criminal can remotely manage. (https://usa.kaspersky.com/resource-center/threats/botnet-attacks)

Control

A measure that is modifying risk (Note: Controls include any process, policy, device, practice, or other actions that modify risk.) (NIST Interagency or Internal Report 8053)

Denial of Service

The prevention of authorized access to a system resource or the delaying of system operations and functions (NIST SP 800-82 Rev. 2)

Distributed Denial of Service (DDoS)

A denial of service technique that uses numerous hosts to perform the attack (NIST Interagency or Internal Report 7711)

Managed Devices

Personal computers, laptops, mobile devices, virtual machines, and infrastructure components on which management agents are installed, allowing information technology staff to discover, maintain, and control them. Devices with broken or missing agents cannot be seen or managed by agent-based security products.

Manufacturer Usage Description (MUD)

A component-based architecture specified in Request for Comments (RFC) 8520 that is designed to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function

Mapping

Depiction of how data from one information source maps to data from another information source

Mitigate

To make less severe or painful or to cause to become less harsh or hostile (Merriam-Webster)

MUD-Capable

An IoT device that is capable of emitting a MUD uniform resource locator (URL) in compliance with the MUD specification

Network Address Translation (NAT)

A function by which internet protocol (IP) addresses within a packet are replaced with different IP addresses. This function is most commonly performed by either routers or firewalls. It enables private IP networks that use unregistered IP addresses to connect to the internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network.

Non-MUD-Capable

An IoT device that is not capable of emitting a MUD URL in compliance with the MUD specification (RFC 8520)

Policy

Statements, rules, or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component. (NIST SP 800-95 and NIST Interagency or Internal Report 7621 Rev. 1)

Policy Enforcement Point

A network device on which policy decisions are carried out or enforced

Risk

The net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. (NIST SP 800-30)

Router

A computer that is a gateway between two networks at open systems interconnection layer 3 and that relays and directs data packets through that internetwork. The most common form of router operates on IP packets. (NIST SP 800-82 Rev. 2)

Security Control

A safeguard or countermeasure prescribed for an information system or an organization, which is designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements (NIST SP 800-53 Rev. 4)

Server

A computer or device on a network that manages network resources. Examples are file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries). (NIST SP 800-47)

Shall

A requirement that must be met unless a justification of why it cannot be met is given and accepted (NIST Interagency or Internal Report 5153)

Should

This term is used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results. (NIST SP 800-108)

Threat

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat source to successfully exploit a particular information system vulnerability (Federal Information Processing Standards 200)

Threat Signaling

Real-time signaling of DDoS-related telemetry and threat-handling requests and data between elements concerned with DDoS attack detection, classification, traceback, and mitigation (https://joinup.ec.europa.eu/collection/rolling-plan-ict-standardisation/cybersecurity-network-and-information-security)

Traffic Filter

An entry in an access control list that is installed on the router or switch to enforce access controls on the network

Uniform Resource Locator (URL)

A reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A typical URL could have the form http://www.example.com/index.html, which indicates a protocol (hypertext transfer protocol [http]), a host name (www.example.com), and a file name (index.html). Also sometimes referred to as a web address

Update

New, improved, or fixed software, which replaces older versions of the same software. For example, updating an operating system brings it up-to-date with the latest drivers, system utilities, and security software. Updates are often provided by the software publisher free of charge. (https://www.computerhope.com/jargon/u/update.htm)

Update Server

A server that provides patches and other software updates to Internet of Things devices

Virtual Local Area Network (VLAN)

A broadcast domain that is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN as if they were attached to the same physical LAN.

Vulnerability

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source (NIST SP 800-37 Rev. 2)

Appendix C Bibliography

Request for Comments (RFC) 8520. (2019, Mar.) “Manufacturer Usage Description Specification” [Online]. Available: https://tools.ietf.org/html/rfc8520.

Cisco’s developer MUD Manager GitHub page [Website]. Available: https://github.com/CiscoDevNet/MUD-Manager/tree/1.0#dependancies.

Apache HTTP Server Project documentation, Version 2.4. Compiling and Installing Apache [Website]. Available: https://httpd.apache.org/docs/current/install.html.

Apache HTTP Server Project documentation, Version 2.4. Apache SSL/TLS Encryption [Website]. Available: https://httpd.apache.org/docs/current/ssl/ssl_howto.html.

Welcome to MUD File maker! [Website]. Available: https://www.mudmaker.org/.

DigiCert. Advanced CertCentral Getting Started Guide, Version 9.2 [Website]. Available: https://www.digicert.com/certcentral-support/digicert-getting-started-guide.pdf.

DigiCert. SSL Certificate Support [Website]. Available: https://www.digicert.com/security-certificate-support/.

DigiCert. Order your SSL/TLS certificates [Website]. Available: https://docs.digicert.com/manage-certificates/order-your-ssltls-certificates/.

DigiCert. CertCentral Client Certificate Guide, Version 1.9 [Website]. Available: https://www.digicert.com/certcentral-support/client-certificate-guide.pdf.

Forescout. ForeScout CounterAct® Installation Guide, Version 8.0.1 [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/10/CounterACT_Installation_Guide_8.0.1.pdf.

Forescout. (2018, Feb.) ForeScout CounterAct Device Profile Library Configuration Guide [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/04/CounterACT_Device_Profile_Library.pdf.

Forescout. (2018, Feb.) ForeScout CounterAct IoT Posture Assessment Library Configuration Guide [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/04/CounterACT_IoT_Posture_Assessment_Library-1.pdf.

Forescout. ForeScout CounterAct Open Integration Module Overview Guide, Version 1.1 [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/08/CounterACT_Open_Integration_Module_Overview_1.1.pdf.

Forescout. (2018, Feb.) ForeScout CounterAct Windows Applications Configuration Guide [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/04/CounterACT_Windows_Applications.pdf.

Forescout. (2018, Feb.) ForeScout CounterAct Windows Vulnerability DB Configuration Guide [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/04/CounterACT_Windows_Vulnerability_DB_18.0.2.pdf.

Forescout. HPS NIC Vendor DB Configuration Guide, Version 1.2.4 [Website]. Available: https://www.Forescout.com/wp-content/uploads/2018/04/HPS_NIC_Vendor_DB_1.2.4.pdf.