The NIST National Cybersecurity Center of Excellence has released NIST Cybersecurity White Paper 42, Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding, for public comment.
The comment period is open until 1:59 PM (AEST) on May 30, 2025.
The NIST National Cybersecurity Center of Excellence, in collaboration with 11 technology vendors, has developed several technical build implementations using commercially available technologies such as Wi-Fi Easy Connect, Bootstrapping Remote Key Infrastructure, and Thread.
This White Paper outlines the security advantages of the implementations documented in NIST Special Publication 1800-36, as well as additional technologies such as Matter and FIDO Device Onboarding.
IoT device network-layer onboarding is an automated mechanism for securely provisioning network credentials to devices, thereby improving network security and management. IoT devices can measure consumption, detect component faults, monitor water quality, measure toxins, and detect infrastructure breaches.
Whether used in complex operational networks or simple home networks, the goal is to avoid exposing these networks to additional threats. Key capabilities of trusted IoT device network-layer onboarding include per-device network credentials, zero-touch onboarding, configurable trust policies, and continuous assurance.
Organisations and individuals using IoT devices to collect data for quick identification of potential issues and rapid response management are encouraged to review this draft publication and provide comments.
The comment template can be found on the NCCoE project website.
