Best Current Practices for Securing Internet of Things (IoT) Devices

Document Type Expired Internet-Draft (individual)
Authors Keith Moore  , Richard Barnes  , Hannes Tschofenig 
Last updated 2018-01-04 (latest revision 2017-07-03)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.


Keith Moore (
Richard Barnes (
Hannes Tschofenig (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)