The Department of the Navy's Information Technology Magazine Notify Me of New Issue
Email this Article Email   

CHIPS Articles: NIST Publishes Transport Layer Security Server Certificate Management Practice Guide

NIST Publishes Transport Layer Security Server Certificate Management Practice Guide
By CHIPS Magazine - June 18, 2020
The National Institute of Standards and Technology published Special Publication (SP) 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management, naming TLS as the most widely used protocol for securing web transactions and other communications on internal networks and the internet. The TLS layer helps to protect an organization’s data, privacy, and overall operational security.

The TLS Certificate Management guide is organized in four volumes at different levels of technical detail, and provides a roadmap to assist executives, chief information security officers, system administrators, and information technology professionals to create and implement a server certificate management plan.

NIST summarized the content of the four volumes:

  • Volume A provides an executive summary;
  • Volume B covers security risks and recommended best practices;
  • Volume C explains what we did and why and features a security control map which maps the security characteristics of the example solution to existing cybersecurity standards and best practices; and
  • Volume D is the “how-to” portion of the guide that helps users replicate all or parts of the build created in our lab.

Some organizations may have tens of thousands of certificates, but many lack a plan to manage them, NIST said. This puts them at a higher risk for system outages and security breaches, which can result in revenue loss, harm to an organization’s reputation or brand, loss of privacy data and exposure of proprietary data to attackers

The guide is available for download in its entirety or by individual volume. If you have feedback on how the guide helped you establish and/or refine a formal TLS server certificate management program within your organization — please provide feedback to NIST using the link below or send an email to tls-cert-security-nccoe@nist.gov.

Publication Details:
https://csrc.nist.gov/publications/detail/sp/1800-16/final

Project homepage:
https://www.nccoe.nist.gov/webform/feedback-securing-web-transactions-tls-server-certificate-management

Related CHIPS Articles
Defense Official Calls Artificial Intelligence the New Oil
DON CIO Offers Tools for Secure Teleworking
Five cryptologic giants inducted into the NSA/CSS Cryptologic Hall of Honor
IW Has a Seat at the Table
NAVWAR Transitions First Wave of IWRP Prototypes to Production
Related DON CIO News
Registration Now Open; Schedule Available for DON IT Conference East Coast 2020 Virtual Event
Join DON CIO, DCNO Information Warfare and the Deputy Commandant for Information for a Cybersecurity Awareness Month Discussion
The COVID-19 Impact on Modernize, Innovate and Defend
DON IT Conference Schedule Now Available; Pre-Registration Closed
DON IT Conference, East Coast 2019 Descriptive Schedule Available
Related DON CIO Policy
The Chief Information Security Officer Handbook
Spectrum Supportability Risk Assessment Process Using the Spectrum Supportability Integrated Process Portal
DON CIO Cybersecurity Strategy Guidance
DON Public Affairs Policy and Regulations
DON Cyber Range Policy Guidance

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer