Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Addressing Visibility Challenges with TLS 1.3

Date Published: February 2021
Comments Due: March 29, 2021 (public comment period is CLOSED)
Email Questions to: applied-crypto-visibility@nist.gov

Author(s)

W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Addressing Visibility Challenges with TLS 1.3. Publication of this draft project description begins a process to solicit feedback about the project scope, demonstration scenarios, and high-level architecture.
 
The NCCoE will solicit participation from industry to build one or more visibility solution examples using commercially available technology, which will address a set of cybersecurity challenges. These challenges impact the ability of some organizations to meet their regulatory, security, and operational requirements due to loss of visibility into the content of communications within their enterprise environments. The project will demonstrate various approaches and practices, which will result in a freely available NIST Cybersecurity Practice Guide that documents a range of approaches for enterprises to regain visibility into the content of TLS-protected information being exchanged within the enterprise environment.
 
The public comment period for this draft is open through March 29, 2021. You can also help shape and contribute to this project. Join the Community of Interest by sending an email to applied-crypto-visibility@nist.gov.

Abstract

Keywords

application; compliance; cryptography; encryption; forensics; forward secrecy; protocol; transport layer; visibility
Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Submit comments
Project homepage

Document History:
02/24/21: Project Description (Draft)
05/26/21: Project Description (Final)

Topics

Security and Privacy

encryption, intrusion detection & prevention, key management

Technologies

networks

Applications

enterprise