NIST has updated its key management guidance in Special Publication (SP) 800-57 Part 1 Revision 5, Recommendation for Key Management: Part 1 – General.
This document provides general guidance and best practices for the management of cryptographic keying material. Among other changes, this revision:
- emphasizes the protection needed for the metadata associated with keys;
- includes discussions on access control, identity authentication, and inventory management for keys and certificates; and
- provides guidance consistent with Federal Information Processing Standards (FIPS) Publication 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, and SP 800-63-3, Digital Identity Guidelines.
Appendix C contains a complete list of changes. See more information on key management guidelines.