US NCCoE initiates public consultation regarding IoT devices onboarding
The US National Cybersecurity Center of Excellence (NCCoE) issued a draft report titled Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management for public consultation. The paper defines network-layer onboarding of an Internet of things (IoT) device as the provisioning of device network credentials during the device’s deployment on a network. The onboarding indicates that the device is provided with unique and trusted network credentials and establishes an encrypted channel without user knowledge of the credentials, thereby diminishing unauthorised credential disclosure. Using a trusted network-layer onboarding mechanism can prevent unauthorised devices from connecting to the network and protect devices from being taken over by unauthorised networks. The paper also describes a generic trusted onboarding process; defines onboarding functional roles; discusses onboarding-related aspects of IoT lifecycle management; presents onboarding use cases; and proposes recommended security capabilities for onboarding. The deadline for public comments is 8 October 2020.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.