Date Published: November 2017
Author(s)
William Haag (NIST), W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting), Paul Turner (Venafi), Russ Housley (Vigil Security)
This project provides guidance on the governance and management of Transport Layer Security (TLS) server certificates in enterprise environments to reduce outages, improve security, and enable disaster recovery related to certificates. The project will be provided in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:
- develop a set of policy attributes;
- establish and maintain an inventory of TLS certificates;
- assign and track certificate owners;
- identify issues and vulnerabilities of the TLS infrastructure;
- automate enrollment and installation;
- report the status of the TLS certificates; and
- continuously monitor TLS certificates in the typical enterprise environment.
Keywords
certificate management; private-key security; certification authority (CA); CA compromise; automatic certificate management environment (ACME); secure sockets layer (SSL); transport layer security (TLS); public key infrastructure (PKI)
Control Families
None selected