US NCCoE initiates public consultation regarding IoT devices onboarding

The US National Cybersecurity Center of Excellence (NCCoE) issued a draft report titled Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management for public consultation. The paper defines network-layer onboarding of an Internet of things (IoT) device as the provisioning of device network credentials during the device’s deployment on a network. The onboarding indicates that the device is provided with unique and trusted network credentials and establishes an encrypted channel without user knowledge of the credentials, thereby diminishing unauthorised credential disclosure. Using a trusted network-layer onboarding mechanism can prevent unauthorised devices from connecting to the network and protect devices from being taken over by unauthorised networks. The paper also describes a generic trusted onboarding process; defines onboarding functional roles; discusses onboarding-related aspects of IoT lifecycle management; presents onboarding use cases; and proposes recommended security capabilities for onboarding. The deadline for public comments is 8 October 2020.