Date Published: July 2019
Comments Due:
Email Questions to:
Author(s)
Murugiah Souppaya (NIST), William Haag (NIST), Paul Turner (Venafi), William Barker (Dakota Consulting)
Announcement
This project is using commercially available technologies to develop a cybersecurity reference design that demonstrates how to establish, assign, change and track an inventory of Transport Layer Security (TLS) certificates in medium and large enterprises. Improper oversight of TLS server certificates--which can number into the thousands for a single organization--can cause system outages and security breaches, which can result in revenue loss, harm to reputation, and exposure of confidential data to attackers.
The public comment period is open until September 13, 2019. We will use this feedback to help shape the final version of this guide. We believe that organizations that adopt NIST's recommended best practices surrounding the oversight of large scale TLS server certificates will strengthen their cybersecurity posture by implementing a plan that helps them better protect their data, privacy and web operations.
NOTE: A call for patent claims is included on page v of Volume B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal Transport Layer Security (TLS) certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to NIST security guidelines and frameworks. This NIST Cybersecurity Practice Guide consists of the following volumes: Volume A: Executive Summary; Volume B: Security Risks and Recommended Best Practices; Volume C: Approach, Architecture, and Security Characteristics; Volume D: How-To Guides – instructions for building the example solution.
This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal Transport Layer Security (TLS) certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides...
See full abstract
This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal Transport Layer Security (TLS) certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to NIST security guidelines and frameworks. This NIST Cybersecurity Practice Guide consists of the following volumes: Volume A: Executive Summary; Volume B: Security Risks and Recommended Best Practices; Volume C: Approach, Architecture, and Security Characteristics; Volume D: How-To Guides – instructions for building the example solution.
Hide full abstract
Keywords
authentication; certificate; cryptography; identity; key; key management; PKI; private key; public key; public key infrastructure; server; signature; TLS; Transport Layer Security
Control Families
Access Control; Audit and Accountability; Configuration Management; Program Management; System and Information Integrity
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
