Addressing Visibility Challenges with TLS 1.3 within the Enterprise

Enterprises use encryption—a cryptographic technique—to protect data transmission and storage. Encryption strengthens data confidentiality and integrity, but recent enhancements to cryptographic security protocols, such as Transport Layer Security (TLS) 1.3, can disrupt current approaches to observing and monitoring internal network communications within enterprise data centers and hybrid cloud environments. Reduced visibility can impact an organization’s ability to protect its data and systems.

This project will help enterprises increase network visibility and adopt TLS 1.3 and other modern protocols

This project will provide system and application administrators with practical tools and approaches to help them gain visibility into the traffic flowing across their networks, and to fully adopt TLS 1.3.
Status: Soliciting Comments

The public comment period for volumes A and B of this practice guide is now open through April 1, 2024.

NIST is adopting an agile process to publish this content. Each volume is being made available as soon as possible rather than delaying release until all volumes are completed. Work continues on implementing the example solution and developing other parts of the content. As a preliminary draft, we will publish at least one additional draft for public comment before it is finalized. 

NIST SP 1800-37A: Executive Summary (2nd Preliminary Draft)Document Version NIST SP 1800-37A: Executive Summary (2nd Preliminary Draft)
NIST SP 1800-37B: Approach, Architecture, and Security Characteristics (Preliminary Draft)Document Version NIST SP 1800-37B: Approach, Architecture, and Security Characteristics (Preliminary Draft)

Project Abstract

TLS helps protect data traveling over the internet, secures our communications, and helps prevent eavesdropping and tampering attacks. The first version of TLS, 1.0, was released in 1999. Since then, three more versions of TLS have been released—the most recent, TLS 1.3, in 2018.

To improve communications security on the internet, designers have changed protocols to strengthen security and better protect the secrecy of historical traffic—even if the servers’ long-term secret keys are compromised. This process--known as forward secrecy—has made it more difficult for enterprises to implement network visibility strategies. Consequently, enterprises have raised questions about how to meet enterprise security, operational, and regulatory requirements for critical services while using modern protocols such as TLS 1.3

The Addressing Visibility Challenges with TLS 1.3 project will address the security implications of TLS 1.3 protocol changes. Our team will create approaches to help system and application administrators gain greater visibility into the content of information being exchanged on their networks. We are also exploring approaches that can restore visibility into encrypted data in transit. Other areas such as analysis of encrypted data, enhanced auditing, and novel network architectures are also of interest.

Read the Project Description

The NCCoE will build on its earlier work to give organizations more options for gaining greater visibility into their network traffic and to fully adopt TLS 1.3. 

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capability from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a CRADA to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name