Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Key Management

Key Management Guidelines

The following publications provide general key management guidance:

Recommendation for Key Management

  • SP 800-57 Part 1, General
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       
  • SP 800-57 Part 2, Best Practices for Key Management Organizations
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       
  • SP 800-57 Part 3, Application-Specific Key Management Guidance
    • NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       

Key Management Transitions

  • SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
    • Provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by federal agencies when protecting sensitive, but unclassified information.

Created January 04, 2017, Updated February 12, 2018