The National Institute for Standards and Technology has issued Special Publication (SP) 800-57 which provides cryptographic key management guidance. It consists of three parts. Part 1, Recommendation for Key Management, Part 1: General, provides general guidance and best practices for the management of cryptographic keying material. Part 2, Best Practices for Key Management Organizations, provides guidance on policy and security planning requirements. Finally, Part 3, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, provides guidance when using the cryptographic features of current systems.
The new document, Part 2, “(1) identifies the concepts, functions and elements common to effective systems for the management of symmetric and asymmetric keys; (2) identifies the security planning requirements and documentation necessary for effective institutional key management; (3) describes key management specification requirements; (4) describes cryptographic key management policy documentation that is needed by organizations that use cryptography; and (5) describes key management practice statement requirements,” according to the NIST release.
Appendices provide examples of some key management infrastructures and supplemental documentation and planning materials.
A public comment period for this document is open until Jan. 21, 2019. Email Comments to: firstname.lastname@example.org.
Publication: Draft (2nd) SP 800-57 Part 2 Rev. 1