The National Cybersecurity Center of Excellence (NCCoE) has released a draft project description Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management-Enhancing Internet Protocol-Based IoT Device and Network Security.
Publication of this project description begins a process to gather comments to help us further identify and refine project requirements and scope. The comment period is now open and will close on April 19, 2021.
Network-layer onboarding of an IoT device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to being taken over by networks that are not authorized to onboard them.