Computer Security Resource Center

Key Management

Key Management Guidelines

The following publications provide general key management guidance:

Recommendation for Key Management

  • SP 800-57 Part 1, General
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       
  • SP 800-57 Part 2, Best Practices for Key Management Organizations
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
    • April 6, 2018: NIST has released a draft revision of Special Publication (SP) 800-57 Part 2, Recommendation for Key Management, Part 2: Best Practices for Key Management Organization. This document introduces key management concepts that must be addressed in key management policies, practice statements and planning documents by any organization that uses cryptography to protect its information. It also provides guidance for the development of organizational key management policy statements and key management practices statements, and identifies key management information that needs to be documented for all federal applications of cryptography.
      • A public comment period for this document is open until May 31, 2018.
  • SP 800-57 Part 3, Application-Specific Key Management Guidance
    • NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       

Key Management Transitions

  • SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
    • Provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by federal agencies when protecting sensitive, but unclassified information.

Created January 04, 2017, Updated April 18, 2018