MUD (Manufacturer Usage Description, RFC 8520).

An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns. Относится к категории OT / ICS / IoT в кибербезопасности.

An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns.

Manufacturer Usage Description (MUD, RFC 8520), published by the IETF in 2019, is a framework for IoT devices to advertise to the network exactly what communication they need. A MUD-aware device sends a MUD URL during DHCP, LLDP, or 802.1X — pointing to a small JSON file (the 'MUD file') hosted by the manufacturer. The MUD file describes intended endpoints (controller cloud services, NTP servers, etc.), allowed protocols, and allowed peer roles in a structured policy language. A MUD-aware switch, router, or NAC translates that description into per-device ACLs or microsegmentation rules, denying everything outside the manufacturer's declared behavior. The intent is to make 'one camera-vendor's botnet' impossible — a compromised IP camera cannot scan or pivot to other internal hosts because the network refuses anything outside the device's declared profile. NIST SP 1800-15 published a reference architecture and Cisco, Aruba, and several IoT-security vendors implement MUD or MUD-like profiles. Adoption is limited because it requires manufacturer participation, but MUD remains the most concrete IETF answer to the 2016-Mirai-class IoT worm threat.

Защита от MUD (Manufacturer Usage Description, RFC 8520) обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Manufacturer Usage Description, RFC 8520 MUD.