Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-16

Securing Web Transactions: TLS Server Certificate Management

Date Published: June 2020


Mehwish Akram (MITRE), William Barker (Strativia), Rob Clatterbuck (Thales Trusted Cyber Technologies), Donna Dodson (NIST), Brandon Everhart (MITRE), Jane Gilbert (Thales Trusted Cyber Technologies), William Haag (NIST), Brian Johnson (MITRE), Alexandros Kapasouris (Symantec), Dung Lam (F5), Brett Pleasant (MITRE), Mary Raguso (MITRE), Murugiah Souppaya (NIST), Susan Symington (MITRE), Paul Turner (Venafi), Clint Wilson (DigiCert)



authentication; certificate; cryptography; identity; key; key management; PKI; private key; public key; public key infrastructure; server; signature; TLS; Transport Layer Security
Control Families

Access Control; Audit and Accountability; Configuration Management; Program Management; System and Information Integrity


Download URL

Supplemental Material:
SP 1800-16 files
Project homepage

Related NIST Publications:
Project Description

Document History:
11/29/18: SP 1800-16 (Draft)
07/17/19: SP 1800-16 (Draft)
06/16/20: SP 1800-16 (Final)