Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

Published

Author(s)

Jeffrey Marron, Michael Fagan, Murugiah Souppaya, Paul Watrobski, Blaine Mulugeta, Susan Symington, William Barker, Joshua Klosterman, Charles Rearick, Chelsea Deane, Dan Harkins, Danny Jump, Michael Richardson, Andy Dolan, Kyle Haefner, Craig Pratt, Darshak Thakore, Peter Romness, Tyler Baker, David Griego, Brecht Wyseur, Nick Allott, Alexandru Mereacre, Ashley Setter, Julien Delplancke, Steve Clark, Mike Dow, Steve Egerter, Karen Kent

Abstract

Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One happens when a device is convinced to join an unauthorized network, which would take control of the device. The other occurs when a malicious device infiltrates a network. Trust is achieved by attesting and verifying the identity and posture of the device and the network before providing the device with its network credentials—a process known as network-layer onboarding. In addition, scalable, automated mechanisms are needed to safely manage IoT devices throughout their lifecycles, such as safeguards that verify the security posture of a device before the device is permitted to execute certain operations. In this practice guide, the National Cybersecurity Center of Excellence (NCCoE) applies standards, best practices, and commercially available technology to demonstrate various mechanisms for trusted network-layer onboarding of IoT devices in Internet Protocol-based environments. This guide shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure device posture throughout the device lifecycle, thereby enhancing IoT security.
Citation
Special Publication (NIST SP) - 1800-36
Report Number
1800-36

Keywords

application-layer onboarding, bootstrapping, Internet of Things (IoT), Manufacturer Usage Description (MUD), network-layer onboarding, onboarding, Wi-Fi Easy Connect

Citation

Marron, J., Fagan, M., Souppaya, M., Watrobski, P., Mulugeta, B., Symington, S., Barker, W., Klosterman, J., Rearick, C., Deane, C., Harkins, D., Jump, D., Richardson, M., Dolan, A., Haefner, K., Pratt, C., Thakore, D., Romness, P., Baker, T., Griego, D., Wyseur, B., Allott, N., Mereacre, A., Setter, A., Delplancke, J., Clark, S., Dow, M., Egerter, S. and Kent, K. (2025), Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-36, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=960288 (Accessed November 26, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created November 25, 2025