The NIST NCCoE has released the final practice guide, NIST SP 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise. This practice guide illustrates practical approaches that users can adopt to gain visibility into TLS 1.3-protected network traffic for application servers within their controlled enterprise data centers.
Addressing Visibility Challenges with TLS 1.3 within the Enterprise
Enterprises use encryption—a cryptographic technique—to protect data transmission and storage. Encryption strengthens data confidentiality and integrity, but recent enhancements to cryptographic security protocols, such as Transport Layer Security (TLS) 1.3, can disrupt current approaches to observing and monitoring internal network communications within enterprise data centers and hybrid cloud environments. Reduced visibility can impact an organization’s ability to protect its data and systems.
This project helps enterprises achieve network traffic visibility when using TLS 1.3.
Project Abstract
The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 protects the contents of previous TLS sessions even if a TLS-enabled server is later compromised. This property is known as forward secrecy. The approach used to achieve forward secrecy in TLS 1.3 may interfere with the passive decryption techniques that enterprises rely on to gain visibility into their TLS 1.2 traffic. Enterprises’ authorized network security staff rely on that visibility to protect their data and systems with critical cybersecurity controls and to meet operational needs and legal requirements. Adoption of the TLS 1.3 protocol can therefore disrupt current approaches to observing and monitoring internal network communications within an enterprise.
The National Cybersecurity Center of Excellence (NCCoE), in collaboration with technology providers and enterprise customers, initiated a project to demonstrate options for maintaining visibility within the TLS 1.3 protocol using several standards-compliant implementations that enterprises can use for real-time and post-facto systems monitoring and analytics capabilities. NIST SP 1800-37’s illustrated techniques are restricted to information exchanges within enterprise environments.
NIST SP 1800-37 contains demonstrated proofs of concept along with links to detailed technical information online on NIST pages. This publication also includes links to mappings of TLS 1.3 visibility principles to commonly used security standards and guidelines.
The NCCoE will build on its earlier work to give organizations more options for gaining greater visibility into their network traffic and for fully adopting TLS 1.3.
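The abstract states that the forward secrecy mechanism of TLS 1.3 defeats the passive decryption that enterprises used against TLS 1.2 traffic. The following Python script is an added illustration of that point and is not part of NIST SP 1800-37 or any collaborator's product. It models the two key-exchange patterns at the heart of the problem: RSA key transport (a TLS 1.2 mode, where a monitor holding a copy of the server's private key can derive every session key from a packet capture) and ephemeral Diffie-Hellman (the only pattern TLS 1.3 allows, where the long-term key never enters the key computation and the capture alone yields nothing). The RSA primes, the DH group, the keystream-based record protection and the `endpoint_key_export` function are constructed toy elements for this demonstration; real deployments use TLS named groups, certificates and AEAD ciphers, and the visibility options the guide actually demonstrates are not described on this page.

```python
"""Why TLS 1.3 breaks passive decryption: a toy model (added example, not NIST code).

Two simplified key exchanges, RSA key transport (the TLS 1.2 mode that passive
inspection relied on) and ephemeral Diffie-Hellman (the only mode TLS 1.3 allows),
followed by a passive monitor holding a copy of the server's long-term private key.
All parameters are constructed toy values, not TLS named groups or real certificates.
"""
import secrets
from hashlib import sha256


# --- toy key derivation and record protection (SHA-256 keystream; illustration only, not an AEAD) ---
def derive_key(shared_secret: int) -> bytes:
    return sha256(shared_secret.to_bytes(128, "big")).digest()


def protect(key: bytes, data: bytes) -> bytes:
    """XOR the data with a keystream; applying the same call again unprotects it."""
    blocks = len(data) // 32 + 1
    stream = b"".join(sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(x ^ y for x, y in zip(data, stream))


# --- server's long-term RSA key (constructed toy primes, far too small for real use) ---
RSA_N = (2**31 - 1) * (2**61 - 1)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**31 - 2) * (2**61 - 2))  # private exponent

# --- constructed toy DH group (real deployments use x25519 or the ffdhe groups) ---
DH_P, DH_G = 2**521 - 1, 3


def rsa_key_transport() -> dict:
    """TLS 1.2-style: the client encrypts a premaster secret to the server's long-term key.
    The session key is a function of what crosses the wire plus the server's private key."""
    premaster = secrets.randbelow(RSA_N - 1) + 1
    client_key_exchange = pow(premaster, RSA_E, RSA_N)      # visible on the wire
    server_view = pow(client_key_exchange, RSA_D, RSA_N)    # server decrypts it
    return {"mode": "rsa", "wire": client_key_exchange,
            "client_key": derive_key(premaster), "server_key": derive_key(server_view)}


def ephemeral_dh() -> dict:
    """TLS 1.3-style: both sides pick one-time exponents. The long-term key would only
    sign the handshake (signing omitted here) and never enters the secret computation."""
    a = secrets.randbelow(DH_P - 3) + 2
    b = secrets.randbelow(DH_P - 3) + 2
    share_a, share_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)  # visible on the wire
    return {"mode": "dhe", "wire": (share_a, share_b),
            "client_key": derive_key(pow(share_b, a, DH_P)),
            "server_key": derive_key(pow(share_a, b, DH_P))}


def passive_monitor(exchange: dict, server_private_exponent: int):
    """A monitoring point with a packet capture and a copy of the server's private key.
    Returns the session key it can derive, or None when the capture is not enough."""
    if exchange["mode"] == "rsa":
        return derive_key(pow(exchange["wire"], server_private_exponent, RSA_N))
    # dhe: the capture holds g^a and g^b only; the private exponents were never sent
    # and the server's long-term key plays no part in the computation.
    return None


def endpoint_key_export(exchange: dict) -> bytes:
    """Visibility that survives TLS 1.3 in this model: the monitored server itself hands
    its session key to an authorized monitor. Assumed here as a generic pattern only."""
    return exchange["server_key"]


def monitor_can_read(exchange: dict, monitor_key,
                     plaintext: bytes = b"GET /internal HTTP/1.1") -> bool:
    """Did the monitor recover enough key material to read a protected record?"""
    if monitor_key is None:
        return False
    record = protect(exchange["client_key"], plaintext)  # record sent by the client
    return protect(monitor_key, record) == plaintext


if __name__ == "__main__":
    for ex in (rsa_key_transport(), ephemeral_dh()):
        assert ex["client_key"] == ex["server_key"]
        print(ex["mode"],
              "passive capture + server key:", monitor_can_read(ex, passive_monitor(ex, RSA_D)),
              "| endpoint key export:", monitor_can_read(ex, endpoint_key_export(ex)))
```

Running the script shows the asymmetry the abstract describes: the RSA exchange is readable from a capture plus the server's private key, both in real time and from stored captures after a later key compromise, while the ephemeral DH exchange is not, and only cooperation from an endpoint restores visibility.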
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capability from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a CRADA to collaborate with NIST in a consortium to build this example solution.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.