Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-52 Rev. 2 (Initial Public Draft)

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Date Published: November 2017
Comments Due: February 1, 2018 (public comment period is CLOSED)
Email Questions to: sp80052-comments@nist.gov

Author(s)

Kerry McKay (NIST), David Cooper (NIST)

Announcement

NIST announces the release of draft Special Publication 500-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. It requires that TLS 1.2 configured with FIPS-based cipher suites be supported by all government TLS servers and clients and recommends that agencies develop migration plans to support TLS 1.3 by January 1, 2020. This Special Publication also provides guidance on certificates and TLS extensions that impact security.

Abstract

Keywords

network security; SSL; TLS; information security; Transport Layer Security
Control Families

System and Communications Protection

Documentation

Publication:
Draft SP 800-52 Rev. 2 (pdf)

Supplemental Material:
Comments received (pdf)

Document History:
11/15/17: SP 800-52 Rev. 2 (Draft)
10/15/18: SP 800-52 Rev. 2 (Draft)
08/29/19: SP 800-52 Rev. 2 (Final)