Date Published: November 2018
Comments Due:
Email Questions to:
Planning Note (01/28/2019):
The comment closing date has been extended to February 18, 2019 (originally Jan. 21st).
Author(s)
Elaine Barker (NIST), William Barker (Dakota Consulting)
Announcement
NIST invites public comments on this second draft of Special Publication (SP) 800-57 Part 2 Rev. 1, Recommendation for Key Management Part 2: Best Practices for Key Management Organizations. Part 2 provides guidance when using the cryptographic features of current systems. This revision:
- identifies the concepts, functions and elements common to effective systems for the management of symmetric and asymmetric keys;
- identifies the security planning requirements and documentation necessary for effective institutional key management;
- describes key management specification requirements;
- describes cryptographic key management policy documentation that is needed by organizations that use cryptography; and
- describes key management practice statement requirements.
NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1, Recommendation for Key Management, Part 1: General, provides general guidance and best practices for the management of cryptographic keying material. Part 2, Best Practices for Key Management Organizations, provides guidance on policy and security planning requirements. Finally, Part 3, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, provides guidance when using the cryptographic features of current systems. Part 2 (this document) 1) identifies the concepts, functions and elements common to effective systems for the management of symmetric and asymmetric keys; 2) identifies the security planning requirements and documentation necessary for effective institutional key management; 3) describes key management specification requirements; 4) describes cryptographic key management policy documentation that is needed by organizations that use cryptography; and 5) describes key management practice statement requirements. Appendices provide examples of some key management infrastructures and supplemental documentation and planning materials.
NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1, Recommendation for Key Management, Part 1: General, provides general guidance and best practices for the management of cryptographic keying material. Part 2, Best Practices for...
See full abstract
NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1, Recommendation for Key Management, Part 1: General, provides general guidance and best practices for the management of cryptographic keying material. Part 2, Best Practices for Key Management Organizations, provides guidance on policy and security planning requirements. Finally, Part 3, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, provides guidance when using the cryptographic features of current systems. Part 2 (this document) 1) identifies the concepts, functions and elements common to effective systems for the management of symmetric and asymmetric keys; 2) identifies the security planning requirements and documentation necessary for effective institutional key management; 3) describes key management specification requirements; 4) describes cryptographic key management policy documentation that is needed by organizations that use cryptography; and 5) describes key management practice statement requirements. Appendices provide examples of some key management infrastructures and supplemental documentation and planning materials.
Hide full abstract
Keywords
authentication; authorization; availability; backup; certification authority; compromise; confidentiality; cryptographic key; cryptographic module; digital signatures; encryption; integrity; inventory management; key information; key management; cryptographic key management policy; key recovery; private key; public key; public key infrastructure; security plan; symmetric key
Control Families
Access Control; Audit and Accountability; Contingency Planning; Media Protection; Planning; System and Communications Protection; System and Information Integrity
