Official websites do not use .rip
A .gov website belongs to an official government organization in the United States.

We are building a provable archive!
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-37 (2nd Preliminary Draft)

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

Date Published: January 30, 2024
Comments Due: April 1, 2024
Email Comments to: applied-crypto-visibility@nist.gov

Author(s)

Murugiah Souppaya (NIST), William Barker (Dakota Consulting), Karen Scarfone (Scarfone Cybersecurity), John Kent (MITRE), David Wells (Mira Security), Johann Tonsing (Mira Security), Sean Turner (sn3rd), Erik Freeland (Nubeva), Russ Housley (Vigil Security), Murali Palamisamy (AppViewX), Dung Lam (F5), Paul Barrett (NETSCOUT), Ray Jones (NETSCOUT), Patrick Kelsey (Not for Radio)

Announcement

The Addressing Visibility Challenges with TLS 1.3 project builds on the NCCoE's earlier work, TLS Server Certificate Management, which showed organizations how to centrally monitor and manage their TLS certificates. We are now focusing on protocol enhancements such as TLS 1.3 which have helped organizations boost performance and address security concerns. These same enhancements have also reduced enterprise visibility into internal traffic flows within the organizations' environment. This project aims to change that—and has two main objectives:

  • Provide security and IT professionals with practical approaches and tools to help them gain more visibility into the information being exchanged on their organizations’ servers.
  • Help users fully adopt TLS 1.3 in their private data centers and in hybrid cloud environments—while maintaining regulatory compliance, security, and operations.

This project will result in a publicly available NIST Cybersecurity Practice Guide in the Special Publication 1800 series, which contains practical steps and guidance to implement our cybersecurity reference designs.

Volumes A (2nd preliminary draft) and B (initial preliminary draft) are now available for review and comment. The public comment period is open through April 1, 2024.

Abstract

Keywords

bounded lifetime; break and inspect; ephemeral; key management; middlebox; passive inspection; Transport Layer Security (TLS); visibility; protocol
Control Families

Access Control; System and Communications Protection; System and Information Integrity

Documentation

Publication:
NIST SP 1800-37A 2prd (pdf)
NIST SP 1800-37B iprd (pdf)

Supplemental Material:
Project homepage
NIST news article

Document History:
05/12/23: SP 1800-37 (Draft)
01/30/24: SP 1800-37 (Draft)

Topics

Security and Privacy

encryption, key management, program management

Technologies

networks

Applications

communications & wireless, enterprise