The National Institute of Standards and Technology published Special Publication (SP) 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management, naming TLS as the most widely used protocol for securing web transactions and other communications on internal networks and the internet. The TLS layer helps to protect an organization’s data, privacy, and overall operational security.
The TLS Certificate Management guide is organized in four volumes at different levels of technical detail, and provides a roadmap to assist executives, chief information security officers, system administrators, and information technology professionals in creating and implementing a server certificate management plan.
NIST summarized the content of the four volumes:
- Volume A provides an executive summary;
- Volume B covers security risks and recommended best practices;
- Volume C explains what we did and why, and features a security control map that maps the security characteristics of the example solution to existing cybersecurity standards and best practices; and
- Volume D is the “how-to” portion of the guide that helps users replicate all or parts of the build created in our lab.
Some organizations may have tens of thousands of certificates, but many lack a plan to manage them, NIST said. This puts them at a higher risk of system outages and security breaches, which can result in revenue loss, harm to an organization’s reputation or brand, loss of private data, and exposure of proprietary data to attackers.
The guide is available for download in its entirety or by individual volume. If you have feedback on how the guide helped you establish or refine a formal TLS server certificate management program within your organization, please provide it to NIST using the link below or send an email to firstname.lastname@example.org.