NIST conducted a two-day Key Management Workshop on March 4-5, 2014. The workshop was held to discuss a draft of NIST Special Publication (SP) 800-152 ("A Profile for U.S. Federal CKMS") that was made available for public comment prior to the workshop. This draft was based on the requirements in SP 800-130 ("A Framework for Designing Cryptographic Key Management Systems"), but extended beyond SP 800-130 to establish specific requirements for Federal organizations desiring to use or operate a CKMS, either directly or under contract; recommended augmentations to these requirements for those Federal CKMSs requiring additional security; and suggested additional features for consideration. This draft of the Profile addressed the topics included in SP 800-130, and also included discussions on CKMS testing, procurement, installation, administration, operation, maintenance and use.
While the Profile is intended for use by the U.S. Federal government, it may also be used by other public or private sectors as a model for the development of their own profile.
Input from the workshop participants was solicited regarding the utility and feasibility of these requirements, recommended augmentations and suggested features. This input, along with comments received during the public comment period were incorporated into the next version of SP 800-152.
