The National Institute of Standards and Technology (NIST) released draft guidance on securing internet of things (IoT) devices for small business and home applications so that manufacturers can create products that only transmit data in approved ways.
The Internet Engineering Task Force’s manufacturer usage description (MUD) is intended to help implementers ensure that, when these IoT devices connect to home or small-business networks, the MUD is “used to automatically permit the device to send and receive only the traffic it requires to perform its intended function.”
The MUD is also intended to reduce vulnerability to distributed denial of service (DDoS) attacks, which can cause significant damage to small-business networks and have recently been exploiting IoT devices on these networks, according to the guidance. The MUD combats DDoS attacks by prohibiting unauthorized traffic to and from the IoT devices, as well as preventing the device from being used to send traffic to unauthorized destinations should it become compromised.
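As an added illustration (not part of the NIST guidance or of any vendor's code), the sketch below evaluates outbound flows against a MUD-style allowlist with default deny. The JSON layout follows the IETF MUD specification (RFC 8520), which the article does not name; the device, hostnames, ACL names and flows are constructed, and flows carry a destination hostname instead of a resolved IP address to keep the example short.

```python
# Constructed MUD file fragment in the RFC 8520 JSON layout (from-device side only).
MUD = {
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://vendor.example/camera.json",  # placeholder URL
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-cam"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [{
        "name": "from-cam", "type": "ipv4-acl-type",
        "aces": {"ace": [{
            "name": "cloud-https",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "cloud.vendor.example", "protocol": 6},
                "tcp": {"destination-port": {"operator": "eq", "port": 443}},
            },
            "actions": {"forwarding": "accept"},
        }]},
    }]},
}

def from_device_aces(mud):
    """Yield the ACEs of every ACL referenced by from-device-policy."""
    policy = mud["ietf-mud:mud"]["from-device-policy"]
    wanted = {a["name"] for a in policy["access-lists"]["access-list"]}
    for acl in mud["ietf-access-control-list:acls"]["acl"]:
        if acl["name"] in wanted:
            yield from acl["aces"]["ace"]

def ace_matches(ace, flow):
    """Compare destination name, IP protocol and destination port ('eq' only)."""
    ip = ace["matches"].get("ipv4", {})
    l4 = ace["matches"].get("tcp") or ace["matches"].get("udp") or {}
    port = l4.get("destination-port")
    return (ip.get("ietf-acldns:dst-dnsname") in (None, flow["dst"])
            and ip.get("protocol") in (None, flow["proto"])
            and (port is None or (port["operator"] == "eq" and port["port"] == flow["dport"])))

def verdict(mud, flow):
    """An explicit accept is required; anything unmatched is dropped."""
    for ace in from_device_aces(mud):
        if ace_matches(ace, flow) and ace["actions"]["forwarding"] == "accept":
            return "accept"
    return "drop"
# Constructed flows: the intended cloud connection, then two the device never needs.
FLOWS = [
    {"dst": "cloud.vendor.example", "proto": 6, "dport": 443},
    {"dst": "other.example", "proto": 17, "dport": 53},
    {"dst": "cloud.vendor.example", "proto": 6, "dport": 23},
]
```

Calling `verdict(MUD, flow)` on each entry of `FLOWS` accepts only the first; the other two fall through to the default drop, which is the behaviour that keeps a compromised device from sending traffic to destinations the manufacturer never declared.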
NIST is seeking public comments on the draft guidance until June 24, with follow-up guidance to be produced in the fall to account for any gaps.