Computer Security Resource Center

Key Management

Key Management Guidelines

The following publications provide general key management guidance:

Recommendation for Key Management

  • SP 800-57 Part 1, General
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       
  • SP 800-57 Part 2, Best Practices for Key Management Organizations
    • This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
    • November 20, 2018: NIST invites comments on this second draft of Special Publication (SP) 800-57 Part 2, Recommendation for Key Management, Part 2: Best Practices for Key Management Organizations (2nd Draft). Part 2 provides guidance when using the cryptographic features of current systems. This revision:
    1. identifies the concepts, functions and elements common to effective systems for the management of symmetric and asymmetric keys;
    2. identifies the security planning requirements and documentation necessary for effective institutional key management;
    3. describes key management specification requirements;
    4. describes cryptographic key management policy documentation that is needed by organizations that use cryptography; and
    5. describes key management practice statement requirements.

The public comment period for this document is open until January 21, 2019.

  • SP 800-57 Part 3, Application-Specific Key Management Guidance
    • NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
       

Key Management Transitions

  • SP 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths
    • Provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by federal agencies when protecting sensitive, but unclassified information.

Created January 04, 2017, Updated March 22, 2019