Cryptographic mechanisms are often used to protect the integrity, authenticity, and confidentiality of sensitive and high value data that is vulnerable to unauthorized disclosure or modification while in storage or during transmission. Specific key management requirements and methods may vary depending on the security applications of cryptography and the native differences between symmetric and asymmetric key cryptography. Yet regardless of the algorithm or application, users and systems must have assurance that a cryptographic key is authentic, belongs to the entity with whom it is associated, and has not been accessed by an unauthorized third party.
NIST Special Publication (SP) 800-57 Part 2 Revision 1, Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations, provides guidance on how organizations should manage cryptographic keys in accordance with the federal key management policies and best practices described in SP 800-57 Part 1. This revision is consistent with the Cybersecurity Enhancement Act of 2014 and provides direct cybersecurity support for private-sector key management as well as government-focused guidance consistent with OMB Circular A-130. Section 2 has been updated to introduce a more comprehensive set of key management concepts that should be addressed in key management policies, practice statements, and planning documents by any organization that uses cryptography to protect its information.
This revision also broadens the applicability of its recommendations to cover both centralized and decentralized key management structures. Finally, this document’s original centralized infrastructure example has been replaced by explanatory material that reflects SP 800-130 and SP 800-152 and applies to both centralized and decentralized key management structures.