Many organizations have struggled to effectively manage TLS certificates and mitigate these risks because TLS certificates are so broadly deployed across a wide variety of systems that are managed by different IT groups and business units. If you’ve been feeling this pain, you need to read SP 1800-16B and talk to your executive chain about implementing the recommendations.
While you’re reading SP 1800-16B, you might consider sending SP 1800-16A to your executives. It provides an executive overview of the risks, challenges, and solutions for TLS certificates. Getting support and active engagement from executive management is critical to a successful certificate management program.
NIST SP 1800-16 A and B are both up for public review. If, as you’re reading them, you have any suggestions on how to make them better, please submit that feedback to NIST at this link.
Read more at: Security Boulevard