MUD (Manufacturer Usage Description, RFC 8520)
What is MUD (Manufacturer Usage Description, RFC 8520)?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns.
Manufacturer Usage Description (MUD, RFC 8520), published by the IETF in 2019, is a framework that lets an IoT device tell the network exactly which communication it needs. A MUD-aware device sends a MUD URL during DHCP, LLDP, or 802.1X; the URL points to a small JSON file (the 'MUD file') hosted by the manufacturer. The MUD file describes intended endpoints (controller cloud services, NTP servers, etc.), allowed protocols, and allowed peer roles in a structured policy language. A MUD-aware switch, router, or NAC translates that description into per-device ACLs or microsegmentation rules and denies everything outside the manufacturer's declared behavior. The intent is to make a botnet built from one camera vendor's devices impossible: a compromised IP camera cannot scan or pivot to other internal hosts, because the network refuses any traffic outside the device's declared profile. NIST SP 1800-15 publishes a reference architecture, and Cisco, Aruba, and several IoT-security vendors implement MUD or MUD-like profiles. Adoption is limited because it requires manufacturer participation, but MUD remains the most concrete IETF answer to the 2016-Mirai-class IoT worm threat.
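To make the "MUD file to per-device ACL" step concrete, here is an added example (not code from the RFC, from NIST SP 1800-15, or from any vendor) of a simplified MUD manager in Python. The MUD file, the vendor hostnames and the resolver table are all constructed for this example and modelled on the JSON layout RFC 8520 uses (an `ietf-mud:mud` envelope referencing `ietf-access-control-list:acls`); the translator turns every `accept` ACE into an allow rule, and any flow that matches no rule is denied.

```python
"""Added example: compile a constructed RFC 8520-style MUD file into
per-device allow rules and evaluate sample flows with default-deny."""
import json
from dataclasses import dataclass

# Constructed MUD file for an imaginary IP camera. Hostnames, URL and ACL
# names are made up; the structure follows RFC 8520's JSON layout.
MUD_FILE = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://example-camera-vendor.invalid/cam.json",
        "last-update": "2024-01-01T00:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "Example IP camera",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-cam"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "to-cam"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "from-cam", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "cloud-tls",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example-camera-vendor.invalid", "protocol": 6},
                         "tcp": {"destination-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}},
            {"name": "ntp",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "ntp.example-camera-vendor.invalid", "protocol": 17},
                         "udp": {"destination-port": {"operator": "eq", "port": 123}}},
             "actions": {"forwarding": "accept"}},
        ]}},
        {"name": "to-cam", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "cloud-tls-return",
             "matches": {"ipv4": {"ietf-acldns:src-dnsname": "cloud.example-camera-vendor.invalid", "protocol": 6},
                         "tcp": {"source-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}},
            {"name": "ntp-return",
             "matches": {"ipv4": {"ietf-acldns:src-dnsname": "ntp.example-camera-vendor.invalid", "protocol": 17},
                         "udp": {"source-port": {"operator": "eq", "port": 123}}},
             "actions": {"forwarding": "accept"}},
        ]}},
    ]},
})

# Constructed resolver table standing in for the DNS lookups a real MUD
# manager performs to turn dnsname matches into addresses.
RESOLVER = {
    "cloud.example-camera-vendor.invalid": {"203.0.113.10"},
    "ntp.example-camera-vendor.invalid": {"203.0.113.20"},
}


@dataclass(frozen=True)
class Rule:
    direction: str  # "from-device" or "to-device"
    proto: int      # IP protocol number: 6 = TCP, 17 = UDP
    peer_ip: str    # resolved address of the remote endpoint
    port: int       # remote port (dst port for from-device, src port for to-device)


def compile_mud(mud_json: str, resolver: dict) -> list[Rule]:
    """Translate the MUD file's accept ACEs into concrete allow rules."""
    doc = json.loads(mud_json)
    mud = doc["ietf-mud:mud"]
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for direction, key in (("from-device", "from-device-policy"),
                           ("to-device", "to-device-policy")):
        for ref in mud[key]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                if ace["actions"]["forwarding"] != "accept":
                    continue  # only accept ACEs become allow rules; everything else is denied
                ipv4 = ace["matches"]["ipv4"]
                proto = ipv4["protocol"]
                l4 = ace["matches"]["tcp" if proto == 6 else "udp"]
                if direction == "from-device":
                    name, port = ipv4["ietf-acldns:dst-dnsname"], l4["destination-port"]["port"]
                else:
                    name, port = ipv4["ietf-acldns:src-dnsname"], l4["source-port"]["port"]
                # A name that does not resolve yields no rule, so it stays denied.
                for addr in resolver.get(name, ()):
                    rules.append(Rule(direction, proto, addr, port))
    return rules


def permitted(rules: list[Rule], direction: str, proto: int, peer_ip: str, port: int) -> bool:
    """Default-deny check: a flow is allowed only if an explicit rule matches it."""
    return Rule(direction, proto, peer_ip, port) in rules


if __name__ == "__main__":
    rules = compile_mud(MUD_FILE, RESOLVER)
    # Constructed flows: the camera reaching its cloud service, and the same
    # camera (now assumed compromised) probing an internal host.
    print("cloud 443/tcp:", permitted(rules, "from-device", 6, "203.0.113.10", 443))
    print("internal 22/tcp:", permitted(rules, "from-device", 6, "10.0.0.5", 22))
```

The translator deliberately covers only `ipv4` + `tcp`/`udp` matches with dnsnames; RFC 8520 also defines MUD-specific match nodes such as `same-manufacturer`, `local-networks` and `controller`, which a full MUD manager must resolve against its own inventory rather than DNS. The key property to observe is the default: a flow that matches no compiled rule, such as the SSH probe to `10.0.0.5`, is refused even though nothing in the MUD file mentions it.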
● Examples
- 01
A MUD-aware switch receives a MUD URL from a new IP camera, fetches its profile, and applies an ACL that allows traffic only to the vendor's cloud endpoint and NTP — blocking all peer-to-peer attempts.
- 02
NIST SP 1800-15 demonstrates MUD enforcement constraining a compromised IoT device so it cannot participate in a Mirai-style scanning botnet.
● Frequently asked questions
What is MUD (Manufacturer Usage Description, RFC 8520)?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns. It belongs to the OT / ICS / IoT category of cybersecurity.
What does MUD (Manufacturer Usage Description, RFC 8520) mean?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns.
How does MUD (Manufacturer Usage Description, RFC 8520) work?
As described in the definition above.
How do you defend against MUD (Manufacturer Usage Description, RFC 8520)?
Defense against MUD (Manufacturer Usage Description, RFC 8520) usually combines technical controls and operational practices, as stated in the definition above.
What are the alternative names for MUD (Manufacturer Usage Description, RFC 8520)?
Common aliases: Manufacturer Usage Description, RFC 8520 MUD.
● Related terms
- ot-iot № 615
IoT security
The discipline of protecting IoT devices, gateways, networks, and cloud services from compromise under the constraints of large scale, limited resources, and long lifetimes.
- ot-iot № 614
IoT botnet
A network made up of compromised IoT devices that is remotely controlled for DDoS, credential stuffing, click fraud, cryptocurrency mining, and similar purposes.
- ot-iot № 758
Mirai botnet
An IoT malware family first observed in 2016. It recruited routers, cameras, and DVRs through default passwords and was used in the Dyn DNS DDoS that took down many US services.
- network-security № 805
Network access control (NAC)
A set of policies and technologies for authenticating devices and users before they connect to the network and continuously enforcing posture requirements afterwards.
- network-security № 752
Microsegmentation
A fine-grained segmentation approach that applies allow-list policies at the level of individual workloads or applications.
- network-security № 809
Network segmentation
A design approach that divides the network into multiple zones and controls traffic between zones in order to contain breaches and enforce least privilege.