ISO IEC IEEE 8802-1AR-2020 PDF

Full title and description

ISO/IEC/IEEE 8802-1AR:2020 — Telecommunications and information exchange between systems — Requirements for local and metropolitan area networks — Part 1AR: Secure device identity. This international standard defines a framework and formats for unique per-device identifiers (DevIDs), how those identifiers are cryptographically bound to a device, and how they are used with provisioning and authentication protocols to enable interoperable secure device authentication.

Abstract

The standard specifies Initial Device Identifiers (IDevIDs) provisioned by manufacturers, Locally Significant Device Identifiers (LDevIDs) created for local administrative purposes, and the DevID module model that protects private keys and credentials. DevIDs are intended to be used with Extensible Authentication Protocol (EAP) and other authentication/provisioning protocols so networked devices can be authenticated and authorized in a predictable, interoperable way. The 2020 adoption aligns IEEE 802.1AR content with ISO/IEC and includes modern certificate/profile and algorithm guidance (for example support for stronger ECDSA/SHA-384 options introduced in prior revisions and amendments).

General information

• Status: Published / Active international standard (adoption of IEEE 802.1AR content as an ISO/IEC/IEEE standard).
• Publication date: March 2020 (ISO/IEC/IEEE 8802-1AR:2020 — published March 19–30, 2020 depending on publisher records).
• Publisher: Joint ISO / IEC / IEEE publication (ISO, IEC and IEEE bodies cooperating on the international adoption).
• ICS / categories: 35.110 (Telecommunications and information exchange between systems).
• Edition / version: Edition 2.0 (ISO/IEC/IEEE 8802-1AR:2020).
• Number of pages: 59 pages (ISO/IEC publication page count; publisher PDFs/formats may show different totals).

Scope

Defines secure device identity constructs and lifecycle: how an Initial Device Identifier (IDevID) is installed and protected, how Locally Significant Device Identifiers (LDevIDs) can be generated and bound to a device, DevID module protections, certificate/profile and algorithm guidance, and the interfaces and methods for using DevIDs with provisioning and authentication protocols (notably EAP and other commonly used enrollment/authentication mechanisms). The goal is interoperable, verifiable device identity for network access, provisioning, and authorization.

Key topics and requirements

• Definitions and formats for DevID, IDevID, and LDevID identifiers and certificates.
• DevID module model and security requirements for key protection and credential storage.
• Procedures for creating, provisioning, and managing LDevIDs derived from IDevIDs.
• Cryptographic algorithm and certificate-profile guidance (including support aligned with stronger ECDSA P-384 / SHA-384 suites introduced in recent revisions/amendments).
• Interfaces and usage guidance for integrating DevIDs with authentication and enrollment protocols (e.g., EAP, and mappings into other token/attestation schemes).
• Requirements to ensure identifiers are globally unique (IDevID) and that LDevIDs are infeasible to forge or transfer without the device private key.

Typical use and users

Device and module manufacturers (to provision IDevIDs), network equipment vendors and system integrators (to support DevID usage in products), network and security architects and administrators (to deploy and manage LDevIDs and device enrollment), IoT and embedded device developers (to provide verifiable device identity), and government/enterprise procurement and compliance teams (to specify secure identity requirements). Implementers often use this standard alongside 802.1X, certificate management systems, TPM or secure element capabilities, and device onboarding frameworks.

Related standards

Commonly used alongside IEEE 802.1X (port-based network access control), IEEE 802.1AE (MACsec) for link-layer security, earlier and related IEEE 802.1AR versions (2009, 2018), relevant IEEE 802.1 amendments, and IETF/industry specifications for certificate profiles, attestation tokens and device onboarding (for example RFCs and profiles that reference DevID and map DevID to other attestation or token formats). Standards for secure modules (TPM, secure elements) and onboarding frameworks (OEM/industry-specific) are also frequently referenced.

Keywords

Secure device identity, DevID, IDevID, LDevID, device authentication, device onboarding, X.509 certificate, certificate profile, cryptographic binding, EAP, IEEE 802.1AR, device attestation, device lifecycle.

FAQ

Q: What is this standard?

A: ISO/IEC/IEEE 8802-1AR:2020 (IEEE 802.1AR adopted as an ISO/IEC/IEEE international standard) defines a standardized, cryptographically-backed device identity (DevID) model to authenticate devices on local and metropolitan area networks, and specifies how those identities are managed and protected.

Q: What does it cover?

A: It covers the format and use of Initial Device Identifiers (IDevIDs) and Locally Significant Device Identifiers (LDevIDs), the DevID module security model, certificate and algorithm guidance, and interfaces to provisioning and authentication protocols so devices can be securely identified and enrolled.

Q: Who typically uses it?

A: Device manufacturers, network equipment vendors, integrators, security architects, and network administrators use it to provision, verify, and manage device identities; IoT, industrial and embedded device developers also rely on it for secure onboarding and attestation.

Q: Is it current or superseded?

A: The 2020 ISO/IEC/IEEE 8802-1AR edition is the international adoption of IEEE 802.1AR material and is published and active as of March 2020. Ongoing amendment and revision activity in the IEEE/802.1 working group can introduce updates or future amendments; consult publisher records for any subsequent amendments or revision projects.

Q: Is it part of a series?

A: Yes — it is Part 1AR within the broader ISO/IEC/IEEE 8802-1 series (IEEE 802.1 family) addressing LAN/MAN standards; related parts address MAC service definition, security (802.1AE), timing (802.1AS), and various bridged network functions.

Q: What are the key keywords?

A: DevID, IDevID, LDevID, secure device identity, cryptographic binding, device onboarding, EAP, X.509 certificate, device attestation.