Best Practice 25.3 – Use device level features to enable re-provisioning - IoT Lens Checklist

A birth or bootstrap certificate is a low-privilege, unique certificate that is associated with each device during the manufacturing process. The certificate should have a policy that restricts the device to connecting only to the specific endpoints needed to initiate the provisioning process and fetch the final certificate. Before a device is provisioned, its functionality should be limited to prevent misuse. Only after a provisioning process is invoked and approved should the device be allowed to operate on the system as designed.

Recommendation 25.3.1 – Use a certificate bootstrapping process to establish processes for device assembly, registration, and activation

  • For example, AWS IoT Core offers a fleet provisioning interface to devices for upgrading a birth certificate to long-lived credentials that enable normal runtime operations.

Recommendation 25.3.2 – Obtain a list of allowed devices from the device manufacturer

  • Check the allow list file to validate that the device has been fully vetted by the supplier.

  • Ensure that this list is securely transferred from the manufacturer to you, is encrypted, and is not publicly accessible.

  • Ensure that any bootstrap certificate used is signed by a certificate authority (CA) you own or trust.
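
One way to enforce the allow list check from Recommendation 25.3.2 at provisioning time, shown as an added example that is not AWS's own code. It is modeled on an AWS IoT fleet provisioning pre-provisioning hook (event fields `claimCertificateId` and `parameters`, response field `allowProvisioning`); the CSV layout, the `SerialNumber` parameter name, and all sample values are assumptions constructed for illustration.

```python
import csv
import hmac
import io

# Constructed allow list (not real devices). Assumed columns:
# serial number, ID of the birth certificate issued at manufacture, vetting status.
ALLOW_LIST_CSV = f"""serial,birth_cert_id,status
SN-0001,{"a1" * 32},vetted
SN-0002,{"b2" * 32},vetted
SN-0003,{"c3" * 32},failed-qa
"""

def load_allow_list(text):
    """Parse the manufacturer's list; refuse duplicate serials rather than guess."""
    entries = {}
    for row in csv.DictReader(io.StringIO(text)):
        serial = row["serial"].strip()
        if serial in entries:
            raise ValueError(f"duplicate serial in allow list: {serial}")
        entries[serial] = (row["birth_cert_id"].strip().lower(),
                           row["status"].strip())
    return entries

def pre_provisioning_hook(event, allow_list):
    """Deny by default; allow only a vetted serial presenting its own birth cert."""
    deny = {"allowProvisioning": False}
    serial = (event.get("parameters") or {}).get("SerialNumber")
    presented = str(event.get("claimCertificateId") or "").lower()
    entry = allow_list.get(serial) if isinstance(serial, str) else None
    if entry is None or not presented:
        return deny                      # unknown device or malformed request
    expected_id, status = entry
    if status != "vetted":
        return deny                      # listed, but not cleared by the supplier
    # Constant-time comparison of the presented and expected certificate IDs.
    if not hmac.compare_digest(presented.encode(), expected_id.encode()):
        return deny                      # serial claimed with another device's cert
    return {"allowProvisioning": True,
            "parameterOverrides": {"SerialNumber": serial}}

ALLOW_LIST = load_allow_list(ALLOW_LIST_CSV)

def lambda_handler(event, context):
    """Entry point name assumed for a Lambda-hosted hook."""
    return pre_provisioning_hook(event, ALLOW_LIST)
```

In a deployment the list would be loaded from the encrypted, access-controlled location where the manufacturer's file is stored rather than embedded in the function.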