U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices

Share

The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Internal Report (IR) 8349, Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices.



Characterizing and understanding the expected network behavior of IoT devices is essential for cybersecurity; it enables the implementation of appropriate network access controls to protect the devices and the networks on which they are deployed. Device characterization techniques that describe the communication requirements of IoT devices, in support of the NCCoE Securing Home IoT Devices Using Manufacturer Usage Description (MUD) project, can aid in securing devices and their networks. 



To properly secure networks, network administrators need to understand what devices are on the network and what network communication each device requires to perform its intended functions. In the case of networks that include IoT devices, it is often difficult to identify each individual device, much less know what network access is required by each device to other network components (and what access other network components need to each device).



NIST's publication describes recommended techniques to capture, document, and characterize the entire range of an IoT device’s network behavior across various use cases and conditions. Using this methodology, IoT device manufacturers and developers, network operators, cloud providers, and researchers can generate files conforming to the MUD specification, which provides a standard way to specify the network communications that an IoT device requires to perform its intended functions. This publication also introduces MUD-PD, an open-source tool developed by the NIST NCCoE to help automate the characterization of IoT devices and subsequent creation of MUD files.



Join the NCCoE IoT Project Community of Interest

To receive project updates and help shape our future work, sign up for the NCCoE IoT Community of Interest



View the Publication

 

View this on the NCCoE website

Information technology and Cybersecurity and privacy
Released August 28, 2025
Was this page helpful?