Date Published: July 2019
Comments Due:
Email Comments to:
Author(s)
Elaine Barker (NIST), Quynh Dang (NIST), Sheila Frankel (NIST), Karen Scarfone (Scarfone Cybersecurity), Paul Wouters (No Hats Corporation)
Announcement
Internet Protocol Security (IPsec) is a network layer security control used to protect communications over public networks, encrypt IP traffic between hosts, and create virtual private networks (VPNs). A VPN provides a secure communication mechanism for data and control information between computers or networks, and the Internet Key Exchange (IKE) protocol is most commonly used to establish IPsec-based VPNs.
NIST invites comments on Draft Special Publication (SP) 800-77 Revision 1, Guide to IPsec VPNs, which contains practical recommendations for implementing security services based on IPsec and IKE to assist organizations in mitigating the risks associated with transmitting sensitive information across networks. Since the original publication of SP 800-77 in 2005, IPsec and IKE protocols have been enhanced, and much operational experience has been gained from the security solutions deployed. This revision contains new security and cryptographic recommendations and requirements with a focus on how IPsec provides network layer security services. The document also describes how organizations can implement IPsec, IKE, and their alternatives under varying circumstances.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is usually performed using the Internet Key Exchange (IKE) protocol. This publication provides practical guidance to organizations on implementing security services based on IPsec so that they can mitigate the risks associated with transmitting sensitive information across networks. The document focuses on how IPsec provides network layer security services and how organizations can implement IPsec and IKE to provide security under different circumstances. It also describes alternatives to IPsec and discusses under what circumstances each alternative may be appropriate.
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is usually performed using the Internet Key...
See full abstract
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is usually performed using the Internet Key Exchange (IKE) protocol. This publication provides practical guidance to organizations on implementing security services based on IPsec so that they can mitigate the risks associated with transmitting sensitive information across networks. The document focuses on how IPsec provides network layer security services and how organizations can implement IPsec and IKE to provide security under different circumstances. It also describes alternatives to IPsec and discusses under what circumstances each alternative may be appropriate.
Hide full abstract
Keywords
communications security; Internet Key Exchange (IKE); Internet Protocol (IP); Internet Protocol Security (IPsec); network layer security; networking; virtual private network (VPN)
Control Families
None selected