Securing Web Transactions: TLS Server Certificate Management
By CHIPS Magazine - July 19, 2019
The National Cybersecurity Center of Excellence (NCCoE) released a draft Cybersecurity Practice Guide for public comment: Draft NIST Special Publication (SP) 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management. It demonstrates how to employ a formal Transport Layer Security (TLS) certificate management program to address certificate-based risks and challenges in large and medium enterprises.

The draft describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to National Institute of Standards and Technology security guidelines and frameworks, NIST said in a release.

The project uses commercially available technologies to develop a cybersecurity reference design that demonstrates how to establish, assign, change and track an inventory of TLS certificates in medium and large enterprises. Improper oversight of TLS certificates, which can number into the thousands for a single organization, can cause disastrous system outages and security breaches, resulting in revenue loss, harm to reputation, and exposure of confidential data to attackers.

The public comment period for this document ends Sept. 13, 2019. See the publication details link below for a copy of the document, instructions for submitting comments, and information about the project. Email comments to: tls-cert-mgmt-nccoe@nist.gov

NOTE: A call for patent claims is included on page v of Volume B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988