Comments on SP 1800-15 Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) 

Thank you for your interest in commenting on the Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) Preliminary Draft Practice Guide. The authors will review and adjudicate all comments received before publishing the next version. We appreciate you taking the time to read through and provide feedback to help the NCCoE refine this document. 

You may submit comments using the form on this page or by emailing them to mitigating-iot-ddos-nccoe@nist.gov. Anonymous comments are accepted, although including your name and contact information will enable the authors to contact you for clarification, if necessary. Please note that all comments received are subject to release under the Freedom of Information Act and are part of the public record. Please do not submit confidential business information or otherwise sensitive or protected information. A call for patent claims is included on page v of Volume B of this preliminary draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

The public comment period for this draft document is open through January 21, 2020.

 

As you review these volumes, please consider how they might apply to you and your organization and share your feedback with us. Here are a few questions to consider:

  • If you are an IoT device manufacturer, have you gained a better understanding of the relatively small steps you can take to design and enable devices you produce to take advantage of MUD? Are there areas in which you would like more guidance?
  • If you are network equipment manufacturer, are you considering implementing support for MUD in your products? Are there areas in which you would like more guidance?
  • If you are a service provider, did you find this guide useful in understanding how wide deployment of MUD could help reduce distributed denial of service attacks? Is MUD something that you want to consider deploying across your network and advocating that your customers use?
  • If you are an IoT device user, do you have a better understanding of the role that MUD can play in overall network security? Have you gained a better understanding of the benefits of both deploying the infrastructure required to support MUD and using IoT devices that can take advantage of MUD?
  • Has the guide made you interested in obtaining MUD-capable devices?
  • If you or your organization has implemented the example solution using this guide, what was your experience?
Comments
Comment 1