Appendix A List of Acronyms and Abbreviations

ACME

Automated Certificate Management Environment

AD

Active Directory

API

Application Programming Interface

BGP

Border Gateway Protocol

CA

Certificate Authority

CAA

Certificate Authority Authorization

CAS

Certification Authority System

CAPI

Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI)

CIO

Chief information officer

CN

Common Name

CRL

Certificate Revocation List

CSR

Certificate Signing Request

CT

Certificate Transparency

DevOps

Development and Operations

DN

Distinguished Name

DNS

Domain Name System

ECDSA

Elliptic Curve Digital Signature Algorithm

EV

Extended Validation

FIPS

Federal Information Processing Standards

HSM

Hardware Security Module

HTTP

Hypertext Transfer Protocol

HTTPS

Hypertext Transfer Protocol Secure

IETF

Internet Engineering Task Force

IIS

Internet Information Services (Microsoft Windows web server)

IoT

Internet of Things

IP

Internet Protocol

LDAP

Lightweight Directory Access Protocol

NIST

National Institute of Standards and Technology

NCCoE

National Cybersecurity Center of Excellence

OS

Operating System

OV

Organization Validated

PCI-DSS

Payment Card Industry Data Security Standard

PKCS

Public Key Cryptography Standards

PKI

Public Key Infrastructure

RA

Registration Authority

REST

Representational State Transfer (API)

RMF

Risk Management Framework

RSA

Rivest, Shamir, & Adleman (public key encryption algorithm)

SAN

Subject Alternative Name

SCEP

Simple Certificate Enrollment Protocol

SHA-1

Secure Hash Algorithm 1

SHA-256

Secure Hash Algorithm 256

SP

Special Publication

SSL

Secure Socket Layer (protocol)

SSLV

SSL Visibility (Symantec Appliance)

TLS

Transport Layer Security (protocol)

TPP

Trust Protection Platform (Venafi)

UPN

User Principal Name

URL

Uniform Resource Locator

Appendix B Glossary

Active Directory

A Microsoft directory service for the management of identities in Windows domain networks.

Application

1. The system, functional area, or problem to which information technology is applied. The application includes related manual procedures as well as automated procedures. Payroll, accounting, and management information systems are examples of applications. (NIST SP 800-16)

2. A software program hosted by an information system. (NIST SP 800-137)

Authentication

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources. (NIST SP 800-63-3)

Automated Certificate Management Environment

A protocol defined in IETF RFC 8555 that automates certificate enrollment, including proof of control over the requested domain names, issuance, renewal, and revocation.

Certificate

A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period. (NIST SP 800-57 Part 1 Rev. 4 under Public-key certificate) (Certificates in this practice guide are based on .)

Certificate Authority

A trusted entity that issues and revokes public key certificates. (NISTIR 8149)

Certificate Authority Authorization

A Domain Name System (DNS) resource record, defined in IETF RFC 8659, that a domain owner publishes to specify which CAs are authorized to issue certificates for that domain name (and, separately, for wildcard names under it). A CA finds the applicable records by walking from the requested name toward the DNS root and stopping at the closest name that has any. Publicly trusted CAs are required by the CA/Browser Forum Baseline Requirements to check CAA before issuing.
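The lookup and decision logic described above, written out as an added example (this is not code from the practice guide or from any of the products it describes). The zone data is constructed for the example, and the CA identifiers (ca.example.net, other-ca.example.org) are placeholders; the rules implemented are those of RFC 8659: closest-ancestor relevant set, empty issuer meaning no issuance, issuewild taking precedence over issue for wildcard requests, and refusal when an issuer-critical property is not understood.

```python
"""CAA (RFC 8659) issuance check against a constructed zone."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

ISSUER_CRITICAL = 128            # flags value for the issuer-critical bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int   # 0 or ISSUER_CRITICAL
    tag: str     # property tag, e.g. "issue"
    value: str   # property value, e.g. "ca.example.net; account=42"


# Constructed sample zone data (not real DNS): name -> CAA RRset at that name.
SAMPLE_ZONE: Dict[str, List[CAARecord]] = {
    "example.com": [
        CAARecord(0, "issue", "ca.example.net"),
        CAARecord(0, "issuewild", ";"),          # empty issuer: no wildcard issuance at all
        CAARecord(0, "iodef", "mailto:security@example.com"),
    ],
    "lab.example.com": [
        CAARecord(0, "issue", "other-ca.example.org; account=42"),
    ],
    "legacy.example.com": [
        CAARecord(ISSUER_CRITICAL, "futuretag", "opaque"),   # critical tag we do not understand
    ],
}


def relevant_caa_set(name: str, zone: Dict[str, List[CAARecord]]) -> List[CAARecord]:
    """Walk from the FQDN toward the root; the closest name with a CAA RRset
    supplies the whole relevant set (record sets are not merged across levels)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if zone.get(candidate):
            return zone[candidate]
    return []


def _issuer_domain(value: str) -> str:
    """'ca.example.net; account=42' -> 'ca.example.net'; ';' -> '' (no CA at all)."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(requested_name: str, ca_domain: str,
                zone: Dict[str, List[CAARecord]]) -> Tuple[bool, str]:
    """Decide whether the CA identified by ca_domain may issue for requested_name."""
    wildcard = requested_name.startswith("*.")
    lookup = requested_name[2:] if wildcard else requested_name
    records = relevant_caa_set(lookup, zone)
    if not records:
        return True, "no CAA records at any ancestor; issuance unrestricted"

    # An issuer-critical property the CA does not understand forbids issuance.
    for r in records:
        if r.flags & ISSUER_CRITICAL and r.tag.lower() not in KNOWN_TAGS:
            return False, f"critical CAA property '{r.tag}' not understood"

    # Wildcard requests use 'issuewild' if present, otherwise fall back to 'issue'.
    tag = "issue"
    if wildcard and any(r.tag.lower() == "issuewild" for r in records):
        tag = "issuewild"
    relevant = [r for r in records if r.tag.lower() == tag]
    if not relevant:
        return True, f"no '{tag}' property in the relevant set; issuance unrestricted"

    allowed = {_issuer_domain(r.value) for r in relevant}
    if ca_domain.lower() in allowed:
        return True, f"'{ca_domain}' listed in '{tag}' record"
    return False, f"'{ca_domain}' not among '{tag}' issuers {sorted(allowed)}"


if __name__ == "__main__":
    for name, ca in [("www.example.com", "ca.example.net"),
                     ("www.example.com", "other-ca.example.org"),
                     ("*.example.com", "ca.example.net"),
                     ("host.lab.example.com", "other-ca.example.org"),
                     ("legacy.example.com", "ca.example.net"),
                     ("unrelated.test", "ca.example.net")]:
        ok, why = caa_permits(name, ca, SAMPLE_ZONE)
        print(f"{name:24} {ca:22} {'PERMIT' if ok else 'REFUSE'}: {why}")
```

Two behaviours worth noting when populating CAA for your own zones: a record at a subdomain replaces, rather than adds to, the records at its parent, so lab.example.com above is not covered by the example.com issuers; and a wildcard request for *.lab.example.com is still governed by lab.example.com's issue record because that name publishes no issuewild property.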

Certificate Chain

An ordered list of certificates that starts with an end-entity certificate, includes one or more intermediate certificate authority (CA) certificates, and ends with the root CA certificate, where each certificate in the chain was issued (signed) by the CA whose certificate comes next. The receiver of an end-entity certificate verifies the signature on each certificate with the public key in the next one and checks that the chain terminates at a root CA it trusts; only if every signature verifies and the root is trusted should it trust the end-entity certificate.

Certificate Management

Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. (CNSSI 4009-2015) (In the context of this practice guide, it also includes inventory, monitoring, enrolling, installing, and revoking.)

Certificate Revocation List

A list of digital certificates that have been revoked by an issuing CA before their scheduled expiration date and should no longer be trusted.

Certificate Signing Request

A request sent from a certificate requester to a certificate authority to apply for a digital identity certificate. The certificate signing request (PKCS #10, IETF RFC 2986) contains the public key as well as other information to be included in the certificate and is signed by the private key corresponding to the public key, which proves that the requester holds that private key.

Certificate Transparency

A framework for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed in a manner that allows anyone to audit CA activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. (Experimental RFC 6962, since obsoleted by RFC 9162)

Chief information officer

Organization’s official responsible for: (i) Providing advice and other assistance to the head of the organization and other senior management personnel of the organization to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, directives, policies, regulations, and priorities established by the head of the organization; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the [organization]; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the organization, including improvements to work processes of the organization. (NIST SP 800-53 Rev. 4 adapted)

Note: A subordinate organization may assign a chief information officer to denote an individual filling a position with security responsibilities with respect to the subordinate organization that are similar to those that the chief information officers fills for the organization to which they are subordinate.

Client

1. A machine or software application that accesses a cloud over a network connection, perhaps on behalf of a consumer. (NIST SP 800-146)

2. A function that uses the PKI to obtain certificates and validate certificates and signatures. Client functions are present in CAs and end entities. Client functions may also be present in entities that are not certificate holders. That is, a system or user that verifies signatures and validation paths is a client, even if it does not hold a certificate itself. (NIST SP 800-15)

Cloud Computing

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (NIST SP 800-145)

Common Name

An attribute type that is commonly found within a Subject Distinguished Name in an X.500 directory information tree. When identifying machines, it is composed of a fully qualified domain name or IP address. Modern TLS clients no longer use the Common Name for hostname matching and rely on the Subject Alternative Name extension instead, so a server certificate must list every name it serves there.

Configuration Management

A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle. (NIST SP 800-53 Rev. 4)

Container

A method for packaging and securely running an application within an application virtualization environment. Also known as an application container or a server application container. (NIST SP 800-190)

Cryptographic Application Programming Interface

An application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. While providing a consistent API for applications, CAPI allows for specialized cryptographic modules (cryptographic service providers) to be provided by third parties, such as hardware security module (HSM) manufacturers. This enables applications to leverage the additional security of HSMs while using the same APIs they use to access built-in Windows cryptographic service providers. (Also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI)

Cryptography API: Next Generation

The long-term replacement for the Cryptographic Application Programming Interface (CAPI).

Demilitarized Zone

A perimeter network or screened subnet separating an internal network that is more trusted from an external network that is less trusted.

Development and Operations (DevOps)

A set of practices for automating the processes between software development and information technology operations teams so that they can build, test, and release software faster and more reliably. The goal is to shorten the systems development life cycle and improve reliability while delivering features, fixes, and updates frequently in close alignment with business objectives.

Digital Certificate

Certificate (as defined above).

Digital Signature

The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, assurance of data integrity, and signatory non-repudiation. (NIST SP 800-133)

Digital Signature Algorithm

A Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem. (FIPS 186-4)

Directory Service

A distributed database service capable of storing information, such as certificates and CRLs, in various nodes or servers distributed across a network. (NIST SP 800-15) (In the context of this practice guide, a directory service stores identity information and enables the authentication and identification of people and machines.)

Distinguished Name

An identifier that uniquely represents an object in the X.500 directory information tree. (RFC 4949 Ver 2)

Domain

A distinct group of computers under a central administration or authority.

Domain Name

A label that identifies a network domain using the Domain Name System.

Domain Name Server

The internet’s equivalent of a phone book. It maintains a directory of domain names, as defined by the Domain Name System, and translates them to Internet Protocol addresses.

Domain Name System

The system by which Internet domain names and addresses are tracked and regulated as defined by IETF RFC 1034 and other related RFCs.

Elliptic Curve Digital Signature Algorithm

A digital signature algorithm that is an analog of DSA using elliptic curve mathematics, specified in ANSI X9.62 and approved for federal use in FIPS 186-4. (NIST SP 800-15, updated)

Enrollment

The process that a CA uses to create a certificate for a web server or email user. (NISTIR 7682) (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate.)

Extended Validation Certificate

A certificate used for HTTPS websites and software that includes identity information that has been subjected to an identity verification process standardized by the CA Browser Forum in its Baseline Requirements that verifies that the identified owner of the website for which the certificate has been issued has exclusive rights to use the domain; exists legally, operationally, and physically; and has authorized the issuance of the certificate.

Federal Information Processing Standards (FIPS)

A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability. (NIST SP 800-161)

Hardware Security Module (HSM)

A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing. FIPS 140-2 (and its successor FIPS 140-3) specifies security requirements for cryptographic modules, including HSMs.

Hostname

Hostnames are most commonly defined and used in the context of DNS. The hostname of a system typically refers to the fully qualified DNS domain name of that system.

Hypertext Transfer Protocol

A standard method for communication between clients and Web servers. (NISTIR 7387)

Internet Engineering Task Force (IETF)

The internet standards organization made up of network designers, operators, vendors, and researchers that defines protocol standards (e.g., IP, TCP, DNS) through a process of collaboration and consensus.

Internet Message Access Protocol

A method of communication used to read electronic mail stored in a remote server. (NISTIR 7387)

Internet of Things (IoT)

As used in this publication, user or industrial devices that are connected to the internet. IoT devices include sensors, controllers, and household appliances.

Internet Protocol

The Internet Protocol, as defined in IETF RFC 791 (IPv4, updated by RFC 6864 among others) and RFC 8200 (IPv6), which is the principal communications protocol in the IETF Internet protocol suite and provides addressing and routing of datagrams across network boundaries.

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol, or LDAP, is a directory access protocol. In this document, LDAP refers to the protocol defined by RFC 1777, which is also known as LDAP V2. LDAP V2 describes unauthenticated retrieval mechanisms. (NIST SP 800-15) (The current version, LDAPv3, is defined in RFC 4511 and is what Active Directory and most directory servers implement today.)

Microservice

A set of containers that work together to compose an application. (NIST SP 800-190)

Organization

An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency or, as appropriate, any of its operational elements). (NIST SP 800-39) This publication is intended to provide recommendations for organizations that manage their own networks (e.g., that have a chief information officer).

Outage

A period when a service or an application is not available or when equipment is not operational.

Payment Card Industry Data Security Standard

An information security standard administered by the Payment Card Industry Security Standards Council that is for organizations that handle branded credit cards from the major card schemes.

Pivoting

A process where an attacker uses one compromised system to move to another system within an organization.

PIN Entry Device

An electronic device used in a debit, credit, or smart card-based transaction to accept and encrypt the cardholder’s personal identification number.

Post Office Protocol (POP)

A mailbox access protocol defined by IETF RFC 1939. POP is one of the most commonly used mailbox access protocols. (NIST SP 800-45 Version 2).

Private Key

The secret part of an asymmetric key pair that is used to digitally sign or decrypt data. (NIST SP 800-63-3).

Public CA

A trusted third party that issues certificates as defined in IETF RFC 5280. A CA is considered public if its root certificate is included in browsers and other applications by the developers of those browsers and applications. The CA/Browser Forum defines the requirements public CAs must follow in their operations.

Public Key

The public part of an asymmetric key pair that is used to verify signatures or encrypt data. (NIST SP 800-63-3).

Public Key Cryptography

Cryptography that uses separate keys for encryption and decryption; also known as asymmetric cryptography. (NIST SP 800-77)

Public Key Infrastructure (PKI)

The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates. (NIST SP 800-53 Rev. 4)

Registration Authority (RA)

An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential subscribers, which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function. (CNSSI 4009-2015)

Re-key

To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. (NIST SP 800-32 under Re-key (a certificate))

Renew

The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate. (NIST SP 800-32) (The new certificate is typically used to replace the existing certificate, and both certificates typically contain the same Subject DN and SAN information. It is best practice to generate a new key pair and CSR, i.e., re-key, when renewing a certificate, but re-keying is not required by all certificate authorities. Renewal is typically driven by the expiration of the existing certificate but could also be triggered by a suspected private key compromise or other event requiring the existing certificate to be revoked.)

Replace

The process of installing a new certificate and removing an existing one so that the new certificate is used in place of the existing certificate on all systems where the existing certificate is being used.

Representational State Transfer

A software architectural style that defines a common method for defining APIs for Web services.

Risk Management Framework

The Risk Management Framework (RMF), presented in NIST SP 800-37, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.

Rivest, Shamir, & Adleman

An algorithm approved in [FIPS 186] for digital signatures and in [SP 800-56B] for key establishment. (NIST SP 800-57 Part 1 Rev. 4)

Root certificate

A self-signed certificate, as defined by IETF RFC 5280, issued by a root CA. A root certificate is typically securely installed on systems so they can verify end-entity certificates they receive.

Root certificate authority

In a hierarchical public key infrastructure (PKI), the CA whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. (NIST SP 800-32)

Rotate

The process of renewing a certificate in conjunction with a rekey, followed by the process of replacing the existing certificate with the new certificate.

Subject Alternative Name

An X.509 v3 extension that lists one or more identities (fully qualified domain names, IP addresses, email addresses, URIs, or other names such as UPNs) bound to the public key contained in the certificate. TLS clients match the server hostname against the DNS name and IP address entries of this extension, so every name a server answers to must appear here.
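How a TLS client uses the Subject Alternative Name entries, and why the Common Name entry above no longer matters for hostname checking, as an added example; this is not code from the practice guide or from any product it describes. The certificate identities are constructed values rather than parsed certificates, and the wildcard policy is the strict one browsers apply under RFC 6125 / RFC 9525 (a wildcard must be the whole left-most label and matches exactly one label); the allow_cn_fallback switch is an assumption used to show the legacy behaviour, not a setting of any real library.

```python
"""Hostname matching against certificate identifiers (RFC 6125 / RFC 9525 rules)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CertIdentity:
    """Identity-bearing fields of an X.509 certificate, pre-extracted.
    (Constructed for the example; a real client parses these from the certificate.)"""
    common_name: Optional[str]
    dns_names: List[str] = field(default_factory=list)     # SAN dNSName entries
    ip_addresses: List[str] = field(default_factory=list)  # SAN iPAddress entries


def _normalise(name: str) -> str:
    return name.lower().rstrip(".")


def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one presented dNSName (possibly a wildcard) with the reference host.
    Wildcard policy (strict browser interpretation of RFC 6125):
      * '*' must be the entire left-most label ('*.example.com', not 'f*.example.com'),
      * it matches exactly one non-empty label,
      * at least two labels must follow it ('*.com' is rejected)."""
    pattern, host = _normalise(pattern), _normalise(host)
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lab for lab in p_labels[1:]):
        return False
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def hostname_matches(cert: CertIdentity, host: str, allow_cn_fallback: bool = False) -> bool:
    """Return True if `host` is an identity the certificate asserts.
    An IP-literal host only ever matches an iPAddress SAN (never a dNSName).
    If the certificate carries any SAN dNSName/iPAddress entries, the CN is ignored;
    the CN is consulted only when there is no SAN at all and the caller opts in."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        ip = None
    if ip is not None:
        return any(ipaddress.ip_address(a) == ip for a in cert.ip_addresses)
    if cert.dns_names or cert.ip_addresses:
        return any(dns_name_matches(p, host) for p in cert.dns_names)
    if allow_cn_fallback and cert.common_name:
        return dns_name_matches(cert.common_name, host)
    return False


# Constructed sample identities (not real certificates).
MODERN_CERT = CertIdentity("www.example.com",
                           dns_names=["www.example.com", "*.api.example.com"],
                           ip_addresses=["192.0.2.10"])
CN_ONLY_CERT = CertIdentity("legacy.example.com")
MISLEADING_CN_CERT = CertIdentity("www.example.com", dns_names=["cdn.example.net"])

if __name__ == "__main__":
    for cert, host in [(MODERN_CERT, "WWW.EXAMPLE.COM."), (MODERN_CERT, "v1.api.example.com"),
                       (MODERN_CERT, "a.b.api.example.com"), (MODERN_CERT, "192.0.2.10"),
                       (CN_ONLY_CERT, "legacy.example.com"), (MISLEADING_CN_CERT, "www.example.com")]:
        print(f"{host:22} -> {hostname_matches(cert, host)}")
```

The MISLEADING_CN_CERT case is the one that bites during migrations: a certificate whose CN says www.example.com but whose SAN lists only cdn.example.net is rejected by every current browser for www.example.com, so an inventory that records only the CN will report the wrong identity for that certificate.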

Simple Certificate Enrollment Protocol

A certificate enrollment protocol, long circulated as an IETF Internet-Draft and since published as RFC 8894, that is used by numerous manufacturers of network equipment and software to provide a simplified means of handling certificates for large-scale deployments, and that is referenced in other industry standards.

Secure Hash Algorithm 1

A hash function specified in FIPS 180-4, the Secure Hash Standard. (NIST SP 800-89) SHA-1 is no longer approved for generating digital signatures (NIST SP 800-131A), and publicly trusted CAs no longer issue certificates signed with it; any SHA-1-signed certificate found in an inventory should be replaced.

Secure Hash Algorithm 256

A hash algorithm that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated. (FIPS 180-4 (March 2012))

Secure Transport

Transfer of information using a transport layer protocol that provides security between applications communicating over an IP network.

Server

A computer or device on a network that manages network resources. Examples include file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries). (NIST SP 800-47)

Service Provider

A provider of basic services or value-added services for operation of a network; generally refers to public carriers and other commercial enterprises. (NISTIR 4734)

Simple Mail Transfer Protocol

The primary protocol used to transfer electronic mail messages on the internet. (NISTIR 7387)

Special Publication

A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. The 1800 series reports the results of NCCoE demonstration projects.

System Administrator

Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures. (CNSSI 4009-2015)

Team

A number of persons associated together in work or activity. (Merriam Webster) As used in this publication, a team is a group of individuals that has been assigned by an organization’s management the responsibility and capability to carry out a defined function or set of defined functions. Designations for teams as used in this publication are simply descriptive. Different organizations may have different designations for teams that carry out the functions described herein.

Transport Layer Security (TLS)

An authentication and security protocol widely implemented in browsers and web servers. TLS 1.2 is defined by RFC 5246 and TLS 1.3 by RFC 8446; TLS 1.0 and 1.1 are deprecated (RFC 8996) and should be disabled on servers.

Trust Protection Platform

The Venafi Machine Identity Protection platform used in the example implementation described in this practice guide.

User Principal Name

In Windows Active Directory, this is the name of a system user in email address format, i.e., a concatenation of username, the “@” symbol, and domain name.

Validation

The process of determining that an object or process is acceptable according to a pre-defined set of tests and the results of those tests. (NIST SP 800-152)

Web Browser

A software program that allows a user to locate, access, and display web pages.

Appendix C Mapping to the Cybersecurity Framework

The following table maps the recommended best practices for TLS server certificate management to the NIST Cybersecurity Framework.

Table 1 Mapping the Recommended Best Practices for TLS Server Certificate Management to the Cybersecurity Framework

Cybersecurity Framework Function

Cybersecurity Framework Category

Cybersecurity Framework Subcategory

Applicability to TLS Server Certificates

NIST SP 800-53 Rev. 4

NIST SP 800-181 Work Roles

Identify (ID)

Asset Management (ID.AM)

ID.AM-2: Software platforms and applications within the organization are inventoried.

An inventory of TLS server certificates is established and maintained—including certificate attributes and metadata, such as the certificate owner for each certificate.

CM-8, PM-5

OM-STS-001 Technical Support Specialist

OM-ADM-001 System Administrator

ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established.

The responsibilities for complying with TLS server certificate policies and maintaining operational integrity and security related to TLS server certificates are clearly defined for certificate owners, the Certificate Services Team, and other relevant stakeholders. (See NIST SP 1800-16B: Security Risks and Recommended Best Practices, Section 5.1.)

CP-2, PS-7, PM-11

SP-ARC-002 Security Architect

OV-MGT-001 Information Systems Security Manager

CO-OPL-002 Cyber Ops Planner

Governance (ID.GV)

ID.GV-1: Organizational cybersecurity policy is established and communicated.

TLS server certificate policies are established, communicated to all stakeholders, enforced, and audited. (See NIST SP 1800-16B: Security Risks and Recommended Best Practices, Section 5.)

Controls from all security control families

OV-SPP-002 Cyber Policy and Strategy Planner

OV-MGT-001 Information Systems Security Manager

OV-MGT-002 Communications Security Manager

OV-PMA-005 IT Program Auditor

ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners.

Certificate owners, the Certificate Services Team, and any other applicable stakeholders are educated on and have agreed to their roles and responsibilities for ensuring TLS server certificate policy compliance and maintaining operational integrity and security related to TLS server certificates. (See NIST SP 1800-16B: Security Risks and Recommended Best Practices.)

PS-7, PM-1, PM-2

OV-SPP-001 Cyber Workforce Developer and Manager

OV-SPP-002 Cyber Policy and Strategy Planner

OV-MGT-002 Communications Security Manager

ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed.

The impact of applicable legal and regulatory requirements on TLS server certificate policies and processes is reviewed. Necessary adjustments to policies and processes are completed and communicated. (See NIST SP 1800-16B: Security Risks and Recommended Best Practices.)

Controls from all security control families

OV-LGA-001 Cyber Legal Adviser

OV-LGA-002 Privacy Officer/Privacy Compliance Manager

OV-SPP-002 Cyber Policy and Strategy Planner

ID.GV-4: Governance and risk management processes address cybersecurity risks.

The effectiveness of implementing and complying with TLS server certificate policies to address operational and security risks is regularly reviewed by management and auditors. Adjustments are made to policies and processes when deficiencies are identified. (See NIST SP 1800-16B: Security Risks and Recommended Best Practices.)

SA-2, PM-3, PM-7, PM-9, PM-10, PM-11

OV-PMA-005 IT Program Auditor

SP-RSK-001 Authorizing Official/Designating Representative

SP-RSK-002 Security Control Assessor

Protect (PR)

Identity Management, Authentication and Access Control (PR.AC)

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

The following are performed for TLS server certificates, which serve as machine identities: Certificates are issued by organizationally approved certificate authorities. Certificate requests are reviewed by knowledgeable persons or via approved automated processes. An inventory of certificates is maintained. Certificate owner information is kept up-to-date. Certificate expiration dates are tracked and new certificates requested/installed prior to expiration. Access to TLS private keys is limited to authorized personnel, and keys are replaced when personnel with access are reassigned or terminated. Certificate operation and configuration are continuously monitored. All certificate/key management operations are logged. Private keys are securely transferred to TLS inspection devices. Certificates are revoked when a private key is suspected to have been compromised or another event occurs that may invalidate the trustworthiness of a certificate. Certificate Authority Authorization records are populated for public-facing TLS server certificates. Certificate Transparency logs are monitored for fraudulent certificates.

AC-1, AC-2, IA-1, IA-2, IA-3, IA-4, IA-5, IA-6, IA-7, IA-8, IA-9, IA-10, IA-11

OM-ANA-001 Systems Security Analyst

PR-CDA-001 Cyber Defense Analyst

OM-ADM-001 System Administrator

OV-PMA-003 Product Support Manager

SP-DEV-001 Software Developer

PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.

Access to private keys associated with TLS server certificates is limited to authorized personnel. Certificates are replaced when personnel with direct access to corresponding private keys are reassigned or terminated. Controls are implemented to ensure that access to certificates is granted only to personnel or systems authorized for the corresponding domains.

AC-1, AC-2, AC-3, AC-5, AC-6, AC-14, AC-16, AC-24

OV-MGT-002 Communications Security Manager

OM-ADM-001 System Administrator

PR-INF-001 Cyber Defense Infrastructure Support Specialist

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.

TLS server certificate requests are reviewed by knowledgeable personnel or via approved automated processes.

AC-1, AC-2, AC-3, AC-16, AC-19, AC-24, IA-1, IA-2, IA-4, IA-5, IA-8, PE-2, PS-3

OV-SPP-002 Cyber Policy and Strategy Planner

OV-MGT-002 Communications Security Manager

OM-ADM-001 System Administrator

PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks).

All servers have TLS server certificates so they can be securely authenticated by clients.

AC-7, AC-8, AC-9, AC-11, AC-12, AC-14, IA-1, IA-2, IA-3, IA-4, IA-5, IA-8, IA-9, IA-10, IA-11

OM-ANA-001 Systems Security Analyst

PR-CDA-001 Cyber Defense Analyst

OM-ADM-001 System Administrator

OV-PMA-003 Product Support Manager

SP-DEV-001 Software Developer

Data Security (PR.DS)

PR.DS-1: Data at rest is protected.

Least privileged access is enforced for TLS server private keys or, where possible, hardware security modules are used to generate, store, and protect TLS server private keys.

MP-8, SC-12, SC-28

OV-SPP-002 Cyber Policy and Strategy Planner

PR-INF-001 Cyber Defense Infrastructure Support Specialist

OV-LGA-002 Privacy Officer/Privacy Compliance Manager

OV-MGT-002 Communications Security Manager

OM-NET-001 Network Operations Specialist

OM-ANA-001 Systems Security Analyst

PR.DS-2: Data in transit is protected.

All servers enforce the use of TLS for communications, and the corresponding TLS certificates and private keys are properly managed and secure.

SC-8, SC-11, SC-12

OV-SPP-002 Cyber Policy and Strategy Planner

OV-MGT-002 Communications Security Manager

OV-LGA-002 Privacy Officer/Privacy Compliance Manager

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition.

Private keys associated with TLS server certificates are replaced when people who have had direct access to those keys are reassigned or terminated. Certificates are revoked when a private key is suspected to have been compromised or another event occurs that may invalidate the trustworthiness of a certificate. New certificates are requested/installed prior to expiration.

CM-8, MP-6, PE-16

OM-STS-001 Technical Support Specialist

OM-ADM-001 System Administrator

OM-ANA-001 Systems Security Analyst

Information Protection Processes and Procedures (PR.IP)

PR.IP-2: A system development life cycle to manage systems is implemented.

TLS server certificate management processes effectively manage the life cycle of TLS certificates (e.g., inventory, request, replacement, revocation).

PL-8, SA-3, SA-4, SA-8, SA-10, SA-11, SA-12, SA-15, SA-17, SI-12, SI-13, SI-14, SI-16, SI-17

SP-SYS-001 Information Systems Security Developer

SP-SYS-002 Systems Developer

PR.IP-3: Configuration change control processes are in place.

Change control processes are defined and enforced for TLS server certificates, e.g., certificates are replaced during off-hours and are tested before going operational.

CM-3, CM-4, SA-10

OM-ADM-001 System Administrator

SP-SYS-002 Systems Developer

PR.IP-9: Response plans (incident response and business continuity) and recovery plans (incident recovery and disaster recovery) are in place and managed.

The system supports replacement of large numbers of TLS server certificates and private keys in response to CA compromises, vulnerable algorithms, or cryptographic library bugs.

CP-2, CP-7, CP-12, CP-13, IR-7, IR-8, IR-9, PE-17

PR-CDA-001 Cyber Defense Analyst

PR-CIR-001 Cyber Defense Incident Responder

PR-VAM-001 Vulnerability Assessment Analyst

AN-TWA-001 Threat/Warning Analyst

IN-FOR-002 Cyber Defense Forensics Analyst

Protective Technology (PR.PT)

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

All TLS server certificate and private key management/administrative operations can be logged to a central location and reviewed in accordance with policy.

AU Family

PR-INF-001 Cyber Defense Infrastructure Support Specialist

OV-SPP-002 Cyber Policy and Strategy Planner

PR-CDA-001 Cyber Defense Analyst

OM-NET-001 Network Operations Specialist

PR.PT-5: Mechanisms (e.g., fail-safe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations.

Support is provided for managing the copying and transfer of TLS certificates needed to support resilience mechanisms such as load balancing and hot swap.

CP-7, CP-8, CP-11, CP-13, PL-8, SA-14, SC-6

SP-ARC-001 Enterprise Architect

SP-ARC-002 Security Architect

SP-SYS-001 Information Systems Security Developer

SP-SYS-002 Systems Developer

SP-TST-001 System Testing and Evaluation Specialist

Anomalies and Events (DE.AE)

DE.AE-5: Incident alert thresholds are established.

Clear thresholds are defined for notifications and escalations related to certificates nearing expiration (e.g., 60, 30, and 15 days prior to expiration). Triggers for large-scale certificate replacement processes are also defined (e.g., a suspected CA compromise triggers replacement of all certificates issued by that CA).

IR-4, IR-5, IR-8

CO-OPL-002 Cyber Ops Planner

OM-STS-001 Technical Support Specialist

PR-CIR-001 Cyber Defense Incident Responder

Security Continuous Monitoring (DE.CM)

DE.CM-1: The network is monitored to detect potential cybersecurity events.

TLS inspection mechanisms are implemented to monitor encrypted traffic within TLS secured connections to ensure that malicious activity and pivoting between internal systems are detected.

AC-2, AU-12, CA-7, CM-3, SC-5, SC-7, SI-4

PR-CDA-001 Cyber Defense Analyst

OM-NET-001 Network Operations Specialist

Respond (RS)

Analysis (RS.AN)

RS.AN-5: Processes are established to receive, analyze, and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g., internal testing, security bulletins, or security researchers).

In response to disclosed vulnerabilities such as public certificate authority compromise, cryptographic algorithm vulnerabilities, and cryptographic library bugs and vulnerabilities, the system supports replacement of large numbers of TLS server certificates and private keys.

SI-5, PM-15

PR-CDA-001 Cyber Defense Analyst

PR-CIR-001 Cyber Defense Incident Responder

IN-FOR-002 Cyber Defense Forensics Analyst

Mitigation (RS.MI)

RS.MI-2: Incidents are mitigated.

All certificates affected by a certificate authority compromise, algorithm vulnerability, or cryptographic library bug can be rapidly replaced.

IR-4

PR-CDA-001 Cyber Defense Analyst

PR-CIR-001 Cyber Defense Incident Responder

IN-FOR-002 Cyber Defense Forensics Analyst

Appendix D Special Publication 800-53 Controls Applicable to Best Practices for TLS Server Certificate Management

The following table explains how specific SP 800-53 controls apply to the recommended best practices for TLS server certificate management.

Table 2 Application of Specific Controls to TLS Server Certificate Management Recommended Best Practices

SP 800-53 Control #

SP 800-53 Requirement

Mapping to TLS Server Certificates

AC-1

ACCESS CONTROL POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. An access control policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.

An access control policy is defined for TLS private keys. Private keys associated with TLS server certificates must be protected from compromise. Most TLS private keys are stored in files. Access to these files must be limited to authorized personnel. If a person with access to a private key is reassigned or terminated, the private key and certificate should be changed.

AC-5

SEPARATION OF DUTIES Control: a. Separate [Assignment: organization-defined duties of individuals]; b. Document separation of duties of individuals; and c. Define system access authorizations to support separation of duties. Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion.

When a certificate is requested, another party (with knowledge of the application and requester) or automated process should review and approve the request prior to certificate issuance.

AC-6

LEAST PRIVILEGE Control: Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Access to private keys should only be assigned to appropriate personnel with a need-to-know. Automation should be used where possible to minimize the need for direct private key access by people.

AC-16

SECURITY AND PRIVACY ATTRIBUTES Control: a. Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] having [Assignment: organization-defined security and privacy attribute values] with information in storage, in process, and/or in transmission; b. Ensure that the security and privacy attribute associations are made and retained with the information; c. Establish the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined systems]; and

d. Determine the permitted [Assignment: organization-defined values or ranges] for each of the established security and privacy attributes.

The TLS server certificate inventory should include metadata fields for all relevant security and privacy attributes for each certificate, including issuer, key length, signing algorithm, validity period, and owner.

AT-2

AWARENESS TRAINING Control: Provide basic security and privacy awareness training to system users (including managers, senior executives, and contractors): a. As part of initial training for new users; b. When required by system changes; and c. [Assignment: organization-defined frequency] thereafter.

All certificate owners should have sufficient training to understand the best practices/policies for TLS server certificate and private key management as well as their role and responsibilities.

AU-1

AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. An audit and accountability policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the audit and accountability policy and the associated audit and accountability controls; b. Designate an [Assignment: organization-defined senior management official] to manage the audit and accountability policy and procedures; c. Review and update the current audit and accountability: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the audit and accountability procedures implement the audit and accountability policy and controls; and e. Develop, document, and implement remediation actions for violations of the audit and accountability policy.

Develop, document, and disseminate policies and procedures for auditing TLS server certificate management.

AU-2

AUDIT EVENTS Control: Verify that the system can audit the following event types: [Assignment: organization-defined auditable event types].

Ensure that all TLS certificate and private key management operations are logged, including key generation, certificate enrollment, copying of keys, and certificate issuance/renewal/replacement/ revocation.

AU-3

CONTENT OF AUDIT RECORDS Control: The system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

Ensure that logged TLS server certificate management events contain all relevant data needed for audits, including date/time, operation performed, identifiers for the person or system performing the operation, identifiers for the asset (e.g., certificate/key) affected, and any other relevant information.

AU-6

AUDIT REVIEW, ANALYSIS, AND REPORTING Control: Review and analyze system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity].

Implement regular manual and/or automated reviews to detect unauthorized TLS server certificate and private key operations.

AU-12

AUDIT GENERATION Control: a. Provide audit record generation capability for the auditable event types in AU-2 a. at [Assignment: organization-defined system components]; b. Allow [Assignment: organization-defined personnel or roles] to select which auditable event types are to be audited by specific components of the system; and c. Generate audit records for the event types defined in AU-2 d. with the content in AU-3.

Ensure that all components involved in TLS server certificate and private key management generate audit records, and that those records, with the content required by AU-3, are collected to a central log.

AU-13

MONITORING FOR INFORMATION DISCLOSURE Control: Monitor [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.

Monitor the internet for rogue installations of TLS certificates, e.g., a certificate for an organizational name appearing on a host that is not in the inventory, which can indicate private key compromise.

CA-1

ASSESSMENT, AUTHORIZATION, AND MONITORING POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. A security and privacy assessment, authorization, and monitoring policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the security and privacy assessment, authorization, and monitoring policy and the associated security and privacy assessment, authorization, and monitoring controls; b. Designate an [Assignment: organization-defined senior management official] to manage the security and privacy assessment, authorization, and monitoring policy and procedures; c. Review and update the current security and privacy assessment, authorization, and monitoring: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the security and privacy assessment, authorization, and monitoring procedures implement the security and privacy assessment, authorization, and monitoring policy and controls; and e. Develop, document, and implement remediation actions for violations of security and privacy assessment, authorization, and monitoring policy.

Establish clear policies and responsibilities for TLS server certificate management. Ensure that all certificate owners and the certificate services team are educated and understand their responsibilities.

CA-2

ASSESSMENTS Control: a. Develop a security and privacy assessment plan that describes the scope of the assessment including: 1. Security and privacy controls and control enhancements under assessment; 2. Assessment procedures to be used to determine control effectiveness; and 3. Assessment environment, assessment team, and assessment roles and responsibilities.

Develop a security assessment plan to verify that TLS server certificate policies are followed. Ensure that an executive with sufficient authority is assigned to review and assess the current policy compliance status and posture of the TLS server certificate management program (e.g., do all groups have an up-to-date inventory, is ownership information kept up to date, are private keys secured, is automation used wherever possible, etc.).

CA-5

PLAN OF ACTION AND MILESTONES Control: a. Develop a plan of action and milestones for the system to document the planned remedial actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and b. Update existing plan of action and milestones [Assignment: organization-defined frequency] based on the findings from control assessments, impact analyses, and continuous monitoring activities.

Establish a remediation plan to address deficiencies. Ensure executive oversight. Regularly review progress on the achievement of milestones and provide executive support where needed to ensure sufficient resources to meet milestones.

CA-7

CONTINUOUS MONITORING Control: Develop a security and privacy continuous monitoring strategy and implement security and privacy continuous monitoring programs that include: a. Establishing the following security and privacy metrics to be monitored: [Assignment: organization-defined metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for ongoing assessment of security and privacy control effectiveness; c. Ongoing security and privacy control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security and privacy status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security- and privacy-related information generated by security and privacy control assessments and monitoring; f. Response actions to address results of the analysis of security- and privacy-related information; and g. Reporting the security and privacy status of the organization and organizational systems to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

Implement continuous monitoring for all TLS server certificates, including:

  • Regular automated network discovery scans to detect newly deployed certificates

  • Monitoring certificate expiration dates

  • Automated checking that all known certificates are correctly installed and operational

  • Tracking of CT records for fraudulent certificates.

Ensure that encrypted TLS sessions can be monitored for malicious activity via proxy, endpoint agent, or passive decryption.

CM-2

BASELINE CONFIGURATION Control: a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and b. Review and update the baseline configuration of the system.

Perform automated network discovery scans to establish a comprehensive baseline of the TLS server certificate inventory. Review and update baseline configuration.

CM-3

CONFIGURATION CHANGE CONTROL Control: a. Determine the types of changes to the system that are configuration-controlled; b. Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security impact analyses; c. Document configuration change decisions associated with the system; d. Implement approved configuration-controlled changes to the system; e. Retain records of configuration-controlled changes to the system for [Assignment: organization-defined time-period]; f. Monitor and review activities associated with configuration-controlled changes to the system.

Ensure that certificate replacement operations are included in change control plans. Ensure all certificate management operations are scheduled and reviewed. Retain logs of all certificate management operations.

CM-6

CONFIGURATION SETTINGS Control: Establish and document configuration settings for components employed within the system using [Assignment: organization-defined common secure configurations] that reflect the most restrictive mode consistent with operational requirements.

Establish and document the following for TLS server certificates:

  • Key lengths

  • Signing algorithms

  • Certificate authorities

  • Validity periods

  • Private key access control and protection
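The expiration thresholds in DE.AE-5, the expiration and configuration monitoring in CA-7, and the documented settings in CM-6 all reduce to checks that can be run over the certificate inventory. The following is an added example, not code from the practice guide or from any product: it parses the date format printed by `openssl x509 -noout -enddate`/`-startdate`, maps days remaining to an escalation tier, and reports every departure from a documented policy. The thresholds, policy values, host names and inventory rows are constructed for the example.

```python
"""Expiry-threshold escalation and configuration-policy checks over a TLS
server certificate inventory.

Added illustration: the thresholds, policy values and inventory entries are
constructed for the example and are not from the practice guide or any
real environment."""
from datetime import datetime, timezone

# DE.AE-5 example tiers: notify/escalate at 60, 30 and 15 days before expiry.
DEFAULT_THRESHOLDS = (60, 30, 15)

# CM-6 style settings, with assumed values: approved issuers, minimum key
# sizes per key type, approved signature algorithms, maximum validity period.
POLICY = {
    "allowed_issuers": {"Example Internal CA G2", "Example Public CA"},
    "min_key_bits": {"RSA": 2048, "EC": 256},
    "allowed_sig_algs": {"sha256WithRSAEncryption", "ecdsa-with-SHA256"},
    "max_validity_days": 398,
}


def parse_openssl_date(value):
    """Parse 'notAfter=Jun 15 12:00:00 2024 GMT' (the output of
    `openssl x509 -noout -enddate`/`-startdate`) into an aware UTC datetime."""
    _, _, stamp = value.partition("=")
    stamp = stamp.strip()
    if stamp.endswith(" GMT"):
        stamp = stamp[:-4]
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def days_to_expiry(not_after, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    return (not_after - now).days


def expiry_tier(days_left, thresholds=DEFAULT_THRESHOLDS):
    """Map days remaining to an escalation tier: 'expired', then the tightest
    threshold crossed ('T15' before 'T30' before 'T60'), or None if not due."""
    if days_left < 0:
        return "expired"
    for t in sorted(thresholds):
        if days_left <= t:
            return "T%d" % t
    return None


def policy_findings(cert, policy=POLICY):
    """List every way a certificate departs from the documented settings."""
    findings = []
    if cert["issuer"] not in policy["allowed_issuers"]:
        findings.append("issuer not approved: %s" % cert["issuer"])
    min_bits = policy["min_key_bits"].get(cert["key_type"])
    if min_bits is None:
        findings.append("key type not approved: %s" % cert["key_type"])
    elif cert["key_bits"] < min_bits:
        findings.append("key too short: %s-%d" % (cert["key_type"], cert["key_bits"]))
    if cert["sig_alg"] not in policy["allowed_sig_algs"]:
        findings.append("signature algorithm not approved: %s" % cert["sig_alg"])
    validity = (parse_openssl_date(cert["not_after"])
                - parse_openssl_date(cert["not_before"])).days
    if validity > policy["max_validity_days"]:
        findings.append("validity %dd exceeds %dd" % (validity, policy["max_validity_days"]))
    return findings


def review_inventory(inventory, now, thresholds=DEFAULT_THRESHOLDS, policy=POLICY):
    """One report row per certificate, most urgent (fewest days left) first."""
    report = []
    for cert in inventory:
        days = days_to_expiry(parse_openssl_date(cert["not_after"]), now)
        report.append({
            "host": cert["host"],
            "owner": cert["owner"],
            "days_left": days,
            "tier": expiry_tier(days, thresholds),
            "findings": policy_findings(cert, policy),
        })
    report.sort(key=lambda row: row["days_left"])
    return report


# Constructed inventory rows in the shape CM-8 asks for: location, owner and
# the certificate attributes the checks need.
INVENTORY = [
    {"host": "www.example.test", "owner": "web-team",
     "issuer": "Example Public CA", "key_type": "RSA", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption",
     "not_before": "notBefore=Jan  1 00:00:00 2024 GMT",
     "not_after": "notAfter=Jun 15 12:00:00 2024 GMT"},
    {"host": "mail.example.test", "owner": "messaging",
     "issuer": "Example Internal CA G2", "key_type": "EC", "key_bits": 256,
     "sig_alg": "ecdsa-with-SHA256",
     "not_before": "notBefore=Jul 15 00:00:00 2023 GMT",
     "not_after": "notAfter=Jul 15 00:00:00 2024 GMT"},
    {"host": "api.example.test", "owner": "platform",
     "issuer": "Example Internal CA G2", "key_type": "EC", "key_bits": 256,
     "sig_alg": "ecdsa-with-SHA256",
     "not_before": "notBefore=May 20 00:00:00 2023 GMT",
     "not_after": "notAfter=May 20 00:00:00 2024 GMT"},
    {"host": "legacy.example.test", "owner": "unknown",
     "issuer": "Old Corp CA", "key_type": "RSA", "key_bits": 1024,
     "sig_alg": "sha1WithRSAEncryption",
     "not_before": "notBefore=Jan  1 00:00:00 2022 GMT",
     "not_after": "notAfter=Jan  1 00:00:00 2025 GMT"},
]

# Fixed "now" so the example is reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def sample_report():
    return review_inventory(INVENTORY, NOW)


if __name__ == "__main__":
    for row in sample_report():
        print("%-22s %-10s %5dd %-8s %s" % (
            row["host"], row["owner"], row["days_left"],
            row["tier"] or "-", "; ".join(row["findings"]) or "ok"))
```

Run against the constructed rows, the report lists the already-expired `api.example.test` first, then the certificate inside the 15-day window, then the one inside the 60-day window, and flags the legacy entry for an unapproved issuer, a 1024-bit key, a SHA-1 signature and a three-year validity period. In a real deployment the rows would come from the discovery scans and inventory described under CM-2 and CM-8, and the tier would drive the notification and escalation path rather than a printed line.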

CM-8

SYSTEM COMPONENT INVENTORY Control: a. Develop and document an inventory of system components that: 1. Accurately reflects the current system; 2. Includes all components within the authorization boundary of the system; 3. Is at the level of granularity deemed necessary for tracking and reporting; and 4. Includes [Assignment: organization-defined information deemed necessary to achieve effective system component accountability]; and b. Review and update the system component inventory [Assignment: organization-defined frequency].

Ensure that a comprehensive TLS server certificate inventory is established and maintained, including:

  • Metadata

  • Installed locations

  • Owners

CM-12

INFORMATION LOCATION Control: a. Identify the location of [Assignment: organization-defined information] and the specific system components on which the information resides; b. Identify and document the users who have access to the system and system components where the information resides; and c. Document changes to the location (i.e., system or system components) where the information resides.

Identify the location of all TLS certificates and private keys. Identify, document, and keep up to date information about all certificate owners and system administrators, and about the location of every private key.

CP-2

CONTINGENCY PLAN Control: a. Develop a contingency plan for the system that: 1. Identifies essential missions and business functions and associated contingency requirements; 2. Provides recovery objectives, restoration priorities, and metrics; 3. Addresses contingency roles, responsibilities, assigned individuals with contact information; 4. Addresses maintaining essential missions and business functions despite a system disruption, compromise, or failure; 5. Addresses eventual, full system restoration without deterioration of the security and privacy controls originally planned and implemented; and 6. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; b. Distributes copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinates contingency planning activities with incident handling activities; d. Reviews the contingency plan for the system [Assignment: organization-defined frequency]; e. Updates the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; f. Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and g. Protects the contingency plan from unauthorized disclosure and modification.

Establish “crypto-agility” plans for the replacement of TLS server certificates in response to a CA compromise, discovered algorithm vulnerability, discovered cryptographic bug, or compromised private keys.

CP-3

CONTINGENCY TRAINING Control: Provide contingency training to system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time-period] of assuming a contingency role or responsibility; b. When required by system changes; and c. [Assignment: organization-defined frequency] thereafter.

Ensure all certificate owners are trained and understand their responsibilities in TLS server certificate crypto-agility plans.

CP-4

CONTINGENCY PLAN TESTING Control: a. Test the contingency plan for the system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the effectiveness of the plan and the organizational readiness to execute the plan; b. Review the contingency plan test results; and c. Initiate corrective actions, if needed.

Ensure that TLS server certificate crypto-agility plans are regularly tested.

CP-13

ALTERNATIVE SECURITY MECHANISMS Control: Employ [Assignment: organization-defined alternative or supplemental security mechanisms] for satisfying [Assignment: organization-defined security functions] when the primary means of implementing the security function is unavailable or compromised.

Ensure that backup certificate authorities (CAs) are maintained, including maintaining contracts with backup public CAs.

IA-3

DEVICE IDENTIFICATION AND AUTHENTICATION Control: Uniquely identify and authenticate [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

Ensure that all TLS servers have certificates for authentication. Ensure that all TLS clients properly validate TLS server certificates (chain to a trusted CA, name match, validity period, revocation status) when establishing TLS connections.
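The client side of IA-3 is where deployments most often fail: the server has a certificate, but the client was configured to stop complaining about it. As an added example (not code from the practice guide), the disabled-validation configuration is shown beside the correct one, with a small audit function that reports which kind a given context is. The `probe` helper and its host name are placeholders for illustration.

```python
"""Client-side validation of TLS server certificates: the disabled-validation
pattern beside the correct configuration, and an audit check that reports
which one a given context is.  Added illustration, not code from the
practice guide; the host name passed to `probe` is a placeholder."""
import socket
import ssl


def insecure_context():
    """The 'make the error go away' configuration: no chain verification and
    no host name check.  A client built this way authenticates nothing, so
    any certificate (including one from an on-path attacker) is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validating_context(cafile=None):
    """The correct configuration: chain built to trusted roots (the system
    store, or an explicit CA bundle), host name matched against the
    certificate's SANs, and legacy protocol versions refused."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def validates_server(ctx):
    """True only if the context will reject an unverifiable chain and a
    certificate whose names do not cover the requested host."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def probe(host, port=443, ctx=None, timeout=5.0):
    """Handshake with `host` and return the negotiated protocol and the
    peer certificate's subject.  With `validating_context()` a bad chain or
    name mismatch raises ssl.SSLCertVerificationError instead of returning.
    Needs network access; not exercised by the offline checks."""
    ctx = ctx or validating_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert() or {}   # empty when verification is disabled
            return tls.version(), cert.get("subject", ())


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("validating", validating_context())):
        print("%-10s validates server certificate: %s" % (name, validates_server(ctx)))
```

The same two settings (`verify_mode` and `check_hostname`) are what to look for when reviewing client code or library wrappers: an explicit `CERT_NONE`, a cleared `check_hostname`, or a custom verify callback that always returns success means the server certificate is decoration rather than an authenticator.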

IA-4

IDENTIFIER MANAGEMENT Control: Manage system identifiers by: a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier; b. Selecting an identifier that identifies an individual, group, role, or device; c. Assigning the identifier to the intended individual, group, role, or device; and d. Preventing reuse of identifiers for [Assignment: organization-defined time-period].

Ensure that all TLS server certificate requests are reviewed by a person with relevant knowledge of the application in question or via an approved automated process to verify that the common names (CNs) and subject alternative names (SANs) that serve as identifiers in TLS server certificates are vetted before issuance.

IA-5

AUTHENTICATOR MANAGEMENT Control: Manage system authenticators by: a. Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator; b. Establishing initial authenticator content for any authenticators issued by the organization; c. Ensuring that authenticators have sufficient strength of mechanism for their intended use; d. Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators; e. Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators; f. Changing/refreshing authenticators [Assignment: organization-defined time-period by authenticator type]; g. Protecting authenticator content from unauthorized disclosure and modification; h. Requiring individuals to take, and having devices implement, specific security controls to protect authenticators; and i. Changing authenticators for group/role accounts when membership to those accounts changes.

Ensure TLS server certificates, which serve as authenticators for servers, are properly managed, including:

  • An up to date inventory

  • Up to date ownership information

  • Secure private key handling and distribution

  • Sufficient key length and strong signing algorithms

  • Appropriate reviews for certificate requests

  • Replacement of certificates and keys on role changes and termination

  • Continuous monitoring

IA-9

SERVICE IDENTIFICATION AND AUTHENTICATION Control: Identify and authenticate [Assignment: organization-defined system services and applications] before establishing communications with devices, users, or other services or applications.

Use TLS server certificates for identification and authentication on all servers where TLS is the appropriate security protocol to secure communications (e.g., to secure HTTP, SMTP, LDAP, FTP, etc.).

IR-1

INCIDENT RESPONSE POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. An incident response policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the incident response policy and the associated incident response controls; b. Designate an [Assignment: organization-defined senior management official] to manage the incident response policy and procedures; c. Review and update the current incident response: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the incident response procedures implement the incident response policy and controls; and e. Develop, document, and implement remediation actions for violations of the incident response policy.

Document and disseminate TLS server certificate incident response plans for the following:

  • Certificate authority compromises

  • Cryptographic algorithms found to be vulnerable

  • Cryptographic library bugs that affect cryptographic keys and certificates

  • Compromise of one or more private keys that are associated with certificates

  • Compromise of the certificate management system itself

IR-2

INCIDENT RESPONSE TRAINING Control: Provide incident response training to system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time-period] of assuming an incident response role or responsibility.

Ensure all certificate owners are trained and understand their responsibilities in TLS server certificate incident response plans.

IR-3

INCIDENT RESPONSE TESTING Control: Test the incident response capability for the system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and document the results.

Ensure that TLS server certificate incident response plans are tested.

IR-4

INCIDENT HANDLING Control: a. Implement an incident handling capability for security and privacy incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinate incident handling activities with contingency planning activities; c. Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and d. Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.

Document and disseminate TLS server certificate incident response plans for the following:

  • Certificate authority compromises

  • Cryptographic algorithms found to be vulnerable

  • Cryptographic library bugs that affect cryptographic keys and certificates

  • Compromise of one or more private keys that are associated with certificates

  • Compromise of the certificate management system itself

MA-1

SYSTEM MAINTENANCE POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. A system maintenance policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the system maintenance policy and the associated system maintenance controls; b. Designate an [Assignment: organization-defined senior management official] to manage the system maintenance policy and procedures; c. Review and update the current system maintenance: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the system maintenance procedures implement the system maintenance policy and controls; and e. Develop, document, and implement remediation actions for violations of the maintenance policy.

Establish TLS server certificate maintenance policies and procedures, including purpose, scope, roles, responsibilities, management commitment, coordination, and compliance.

MA-6

TIMELY MAINTENANCE Control: Obtain maintenance support and/or spare parts for [Assignment: organization-defined system components] within [Assignment: organization-defined time-period] of failure.

Ensure that certificates are renewed and replaced a sufficient number of days prior to expiration to minimize downtime risk.

PL-2

SECURITY AND PRIVACY PLANS Control: a. Develop security and privacy plans for the system that: 1. Are consistent with the organization’s enterprise architecture; 2. Explicitly define the authorization boundary for the system; 3. Describe the operational context of the system in terms of missions and business processes; 4. Provide the security categorization of the system including supporting rationale; 5. Describe the operational environment for the system and relationships with or connections to other systems; 6. Provide an overview of the security and privacy requirements for the system; 7. Identify any relevant overlays, if applicable; 8. Describe the security and privacy controls in place or planned for meeting those requirements including a rationale for the tailoring decisions; and 9. Are reviewed and approved by the authorizing official or designated representative prior to plan implementation; b. Distribute copies of the security and privacy plans and communicate subsequent changes to the plans to [Assignment: organization-defined personnel or roles]; c. Review the security and privacy plans [Assignment: organization-defined frequency]; d. Update the security and privacy plans to address changes to the system and environment of operation or problems identified during plan implementation or security and privacy control assessments; and e. Protect the security and privacy plans from unauthorized disclosure and modification.

Develop security plans for TLS private keys to ensure they are consistent with the security plans for other secrets such as passwords and keys for symmetric-key encryption.

PL-9

CENTRAL MANAGEMENT Control: Centrally manage [Assignment: organization-defined security and privacy controls and related processes].

Establish a central certificate service that enables central oversight and monitoring. Define clear TLS server certificate management responsibilities for the certificate services team and certificate owners.

PM-1

INFORMATION SECURITY PROGRAM PLAN Control: a. Develop and disseminate an organization-wide information security program plan that: 1. Provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements; 2. Includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance; 3. Reflects the coordination among organizational entities responsible for information security; and 4. Is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation; b. Review the organization-wide information security program plan [Assignment: organization-defined frequency]; c. Update the information security program plan to address organizational changes and problems identified during plan implementation or control assessments; and d. Protect the information security program plan from unauthorized disclosure and modification.

Develop and disseminate an information security program plan that includes the following for TLS server certificates:

  • Requirements for proper management

  • Roles and responsibilities

  • Coordination between the certificate services team and certificate owners

PM-2

INFORMATION SECURITY PROGRAM ROLES Control: a. Appoint a Senior Agency Information Security Officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program; b. Appoint a Senior Accountable Official for Risk Management to align information security management processes with strategic, operational, and budgetary planning processes; and c. Appoint a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Appoint a senior executive with the mission of ensuring TLS server certificates are properly managed to minimize security and operational risks.

PM-4

PLAN OF ACTION AND MILESTONES PROCESS Control: a. Implement a process to ensure that plans of action and milestones for the security and privacy programs and associated organizational systems: 1. Are developed and maintained; 2. Document the remedial information security and privacy actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation; and 3. Are reported in accordance with established reporting requirements. b. Review plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Establish actions and milestones for implementing and deploying the TLS server certificate information security program plan. Ensure regular reviews of progress and status are performed.

PM-5

SYSTEM INVENTORY Control: Develop and maintain an inventory of organizational systems.

Ensure that a comprehensive TLS server certificate inventory is established and maintained, including:

  • Metadata

  • Installed locations

  • Owners

PM-7

ENTERPRISE ARCHITECTURE Control: Develop an enterprise architecture with consideration for information security, privacy, and the resulting risk to organizational operations and assets, individuals, other organizations, and the Nation.

Establish an enterprise architecture that enables monitoring of communications within TLS encrypted sessions for attacks (i.e., inspect TLS traffic on sessions between external and internal devices as well as on sessions between internal devices).

PM-9

RISK MANAGEMENT STRATEGY Control: a. Develops a comprehensive strategy to manage: 1. Security risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of organizational systems; 2. Privacy risk to individuals resulting from the collection, sharing, storing, transmitting, use, and disposal of personally identifiable information; and 3. Supply chain risks associated with the development, acquisition, maintenance, and disposal of systems, system components, and system services; b. Implement the risk management strategy consistently across the organization; and c. Review and update the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.

Ensure the following risks are addressed in the Risk Management Strategy for TLS server certificates:

  • Outages due to certificate expirations

  • Undetected pivoting between systems within TLS encrypted connections

  • Outages or disclosure of information that could result from an inability to rapidly change large numbers of certificates and keys in response to a large-scale cryptographic event

  • Disclosure of private keys that could result from manual key transfer

  • Disclosure of information that could result from an adversary installing a rogue server certificate

  • Disclosure of information that could result from trusting a bogus certificate or unapproved certificate authority

  • Disclosure of information that could result from using an improperly configured certificate, a vulnerable cryptographic algorithm or an insufficiently long key

RA-3

RISK ASSESSMENT Control: a. Conduct a risk assessment, including the likelihood and magnitude of harm, from: 1. The unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information; and 2. Privacy-related problems for individuals arising from the intentional processing of personally identifiable information; b. Integrate risk assessment results and risk management decisions from the organization and missions/business process perspectives with system-level risk assessments; c. Document risk assessment results in [Selection: security and privacy plans; risk assessment report; [Assignment: organization-defined document]]; d. Review risk assessment results [Assignment: organization-defined frequency]; e. Disseminate risk assessment results to [Assignment: organization-defined personnel or roles]; and f. Update the risk assessment [Assignment: organization-defined frequency] or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

Ensure the following TLS server certificate risks are included in the Risk Assessment:

  • Outages due to certificate expirations

  • Undetected pivoting between systems within TLS encrypted connections

  • Outages or disclosure of information that could result from an inability to rapidly change large numbers of certificates and keys in response to a large-scale cryptographic event

  • Disclosure of private keys that could result from manual key transfer

  • Disclosure of information that could result from an adversary installing a rogue server certificate

  • Disclosure of information that could result from trusting a bogus certificate or unapproved certificate authority

  • Disclosure of information that could result from using an improperly configured certificate, a vulnerable cryptographic algorithm or an insufficiently long key

RA-5

VULNERABILITY SCANNING Control: a. Scan for vulnerabilities in the system and hosted applications [Assignment: organization-defined frequency and/or randomly in accordance with organization-defined process] and when new vulnerabilities potentially affecting the system are identified and reported; b. Employ vulnerability scanning tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: 1. Enumerating platforms, software flaws, and improper configurations; 2. Formatting checklists and test procedures; and 3. Measuring vulnerability impact; c. Analyze vulnerability scan reports and results from control assessments; d. Remediate legitimate vulnerabilities [Assignment: organization-defined response times] in accordance with an organizational assessment of risk; e. Share information obtained from the vulnerability scanning process and control assessments with [Assignment: organization-defined personnel or roles] to help eliminate similar vulnerabilities in other systems; and f. Employ vulnerability scanning tools that include the capability to readily update the vulnerabilities to be scanned.

Scan for vulnerabilities in TLS server certificates, including:

  • Improperly configured certificates

  • Weak key lengths

  • Vulnerable cryptographic algorithms

  • Unapproved certificate authorities

  • Validity periods that exceed approved maximums
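The RA-5 scan criteria above, together with the PM-5 inventory fields (metadata, installed locations, owners), can be expressed as a policy check run over the records held by the central certificate service. The following is an added example, not code from NIST SP 1800-16 or from any product it describes; the record layout, the approved-CA list, the key-size and validity thresholds, and the sample inventory entries are all constructed assumptions that an organization would replace with its own policy values.

```python
"""Policy checks over a TLS server certificate inventory (added example).

Each inventory record carries the certificate metadata, where it is
installed and who owns it.  check_record() returns one finding per
policy violation; scan_inventory() collects findings for every record.
All thresholds and sample data below are assumptions, not NIST values.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed organizational policy parameters (not from the source document).
APPROVED_ISSUERS = {"Example Internal Issuing CA 1", "Example Public CA"}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}          # algorithm -> minimum size
WEAK_SIG_ALGS = {"sha1WithRSAEncryption", "md5WithRSAEncryption"}
MAX_VALIDITY = timedelta(days=398)                # assumed approved maximum
EXPIRY_WARNING = timedelta(days=30)               # assumed renewal window


@dataclass
class CertRecord:
    """One inventory row: certificate metadata plus locations and owner."""
    subject_cn: str
    sans: list[str]
    issuer: str
    key_alg: str
    key_bits: int
    sig_alg: str
    not_before: datetime
    not_after: datetime
    locations: list[str]
    owner: str


def check_record(rec: CertRecord, now: datetime) -> list[tuple[str, str]]:
    """Return (code, detail) findings for a single certificate record."""
    findings: list[tuple[str, str]] = []

    # Unapproved certificate authority.
    if rec.issuer not in APPROVED_ISSUERS:
        findings.append(("unapproved-ca", rec.issuer))

    # Vulnerable algorithm or weak key length.
    min_bits = MIN_KEY_BITS.get(rec.key_alg)
    if min_bits is None:
        findings.append(("unapproved-key-alg", rec.key_alg))
    elif rec.key_bits < min_bits:
        findings.append(("weak-key", f"{rec.key_alg}-{rec.key_bits}"))
    if rec.sig_alg in WEAK_SIG_ALGS:
        findings.append(("weak-signature", rec.sig_alg))

    # Validity period longer than the approved maximum, or expiring.
    if rec.not_after - rec.not_before > MAX_VALIDITY:
        findings.append(("validity-too-long",
                         f"{(rec.not_after - rec.not_before).days} days"))
    if rec.not_after <= now:
        findings.append(("expired", rec.not_after.date().isoformat()))
    elif rec.not_after - now <= EXPIRY_WARNING:
        findings.append(("expiring-soon", f"{(rec.not_after - now).days} days"))

    # Improperly configured certificate: modern clients match the SAN
    # list, not the CN, so a CN absent from the SANs will fail validation.
    if rec.subject_cn not in rec.sans:
        findings.append(("cn-not-in-san", rec.subject_cn))

    # Inventory completeness (PM-5): every certificate needs an owner
    # and at least one known installed location.
    if not rec.owner:
        findings.append(("no-owner", rec.subject_cn))
    if not rec.locations:
        findings.append(("no-location", rec.subject_cn))
    return findings


def scan_inventory(records: list[CertRecord],
                   now: datetime) -> dict[str, list[tuple[str, str]]]:
    """Map subject CN -> findings for every record that has at least one."""
    report = {}
    for rec in records:
        findings = check_record(rec, now)
        if findings:
            report[rec.subject_cn] = findings
    return report


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample inventory and scan date (assumptions for illustration).
NOW = _utc(2019, 6, 1)
SAMPLE_INVENTORY = [
    CertRecord("www.example.com", ["www.example.com", "example.com"],
               "Example Public CA", "RSA", 2048, "sha256WithRSAEncryption",
               _utc(2019, 1, 1), _utc(2020, 1, 1),
               ["web01:/etc/ssl/www.pem"], "web-team"),
    CertRecord("legacy.example.com", [], "Self-signed Dev CA",
               "RSA", 1024, "sha1WithRSAEncryption",
               _utc(2015, 1, 1), _utc(2025, 1, 1),
               ["legacy01:C:\\certs\\legacy.pfx"], ""),
    CertRecord("api.example.com", ["api.example.com"],
               "Example Internal Issuing CA 1", "EC", 256, "ecdsa-with-SHA256",
               _utc(2018, 6, 20), _utc(2019, 6, 20),
               ["api01:/etc/ssl/api.pem"], "api-team"),
]

if __name__ == "__main__":
    for cn, findings in scan_inventory(SAMPLE_INVENTORY, NOW).items():
        for code, detail in findings:
            print(f"{cn}: {code} ({detail})")
```

Running the block as a script prints six findings for the legacy certificate (unapproved CA, 1024-bit RSA key, SHA-1 signature, ten-year validity, no SAN entry, no owner) and one for the API certificate that expires inside the 30-day window; the compliant www certificate produces none. In practice the records would come from the central certificate service rather than being embedded, and the findings would feed the RA-7 risk response process.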

RA-7

RISK RESPONSE Control: Respond to findings from security and privacy assessments, monitoring, and audits.

Respond to findings from security and privacy assessments, monitoring, and audits for TLS server certificates and related system components.

SA-1

SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. A system and services acquisition policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the system and services acquisition policy and the associated system and services acquisition controls; b. Designate an [Assignment: organization-defined senior management official] to manage the system and services acquisition policy and procedures; c. Review and update the current system and services acquisition: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the system and services acquisition procedures implement the system and services acquisition policy and controls; and e. Develop, document, and implement remediation actions for violations of the system and services acquisition policy.

Designate approved public CAs from which TLS server certificates can be acquired.

Designate approved public and internal CAs from which TLS server certificates may be acquired and used.

Designate approved TLS Server Certificate Management components that can be acquired and used, e.g. central certificate service software, HSMs, TLS inspection appliances.

SA-3

SYSTEM DEVELOPMENT LIFE CYCLE Control: a. Manage the system using [Assignment: organization-defined system development life cycle] that incorporates information security and privacy considerations; b. Define and document information security and privacy roles and responsibilities throughout the system development life cycle; c. Identify individuals having information security and privacy roles and responsibilities; and d. Integrate the organizational information security and privacy risk management process into system development life cycle activities.

Define and document clear lifecycle management processes and responsibilities for TLS server certificates.

SA-4

ACQUISITION PROCESS Control: Include the following requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the system, system component, or system service: a. Security and privacy functional requirements; b. Strength of mechanism requirements; c. Security and privacy assurance requirements; d. Security and privacy documentation requirements; e. Requirements for protecting security and privacy documentation; f. Description of the system development environment and environment in which the system is intended to operate; g. Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and h. Acceptance criteria.

Enforce the criteria in requirements a. through g. in acquisition contracts with public certificate authorities.

SA-10

DEVELOPER CONFIGURATION MANAGEMENT Control: Require the developer of the system, system component, or system service to: a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation; disposal]; b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; c. Implement only organization-approved changes to the system, component, or service; d. Document approved changes to the system, component, or service and the potential security and privacy impacts of such changes; and e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].

Ensure that developers who leverage TLS server certificates in their developed systems (e.g., DevOps) follow TLS server certificate management policies and procedures.

Ensure that system administrators who are responsible for installation and configuration of TLS management components such as the central certificate service software, HSMs, and TLS inspection appliances follow TLS server certificate management policies when initially configuring these components. Ensure that all configuration changes are approved and also conform to policies.

SC-1

SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES Control: a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. A system and communications protection policy that: i. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and ii. Is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the system and communications protection policy and the associated system and communications protection controls; b. Designate an [Assignment: organization-defined senior management official] to manage the system and communications protection policy and procedures; c. Review and update the current system and communications protection: 1. Policy [Assignment: organization-defined frequency]; and 2. Procedures [Assignment: organization-defined frequency]; d. Ensure that the system and communications protection procedures implement the system and communications protection policy and controls; and e. Develop, document, and implement remediation actions for violations of the system and communications protection policy.

Ensure that secure management of TLS server certificates and private keys is incorporated into Communications Protection Policy and Procedures.

Ensure that protection of TLS server certificate management components, e.g., central certificate management service software, HSMs, TLS inspection appliances, is incorporated into Systems Protection Policy and Procedures.

SC-8

TRANSMISSION CONFIDENTIALITY AND INTEGRITY Control: Protect the [Selection (one or more): confidentiality; integrity] of transmitted information.

Leverage TLS to protect the integrity and confidentiality of transmitted information. Implement secure management of TLS server certificates and private keys to ensure the secure operation of TLS.

SC-12

CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT Control: Establish and manage cryptographic keys for required cryptography employed within the system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].

Establish and manage TLS private keys in compliance with requirements in NIST SP 800-57 and SP 1800-16B.

SC-17

PUBLIC KEY INFRASTRUCTURE CERTIFICATES Control: Issue public key certificates under an [Assignment: organization-defined certificate policy] or obtain public key certificates from an approved service provider.

Document, publish, communicate, and enforce clear policies for TLS server certificate issuance and management.

SC-23

SESSION AUTHENTICITY Control: Protect the authenticity of communications sessions.

Use TLS server certificates to authenticate servers.

SI-4

SYSTEM MONITORING Control: a. Monitor the system to detect: 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and 2. Unauthorized local, network, and remote connections; b. Identify unauthorized use of the system through [Assignment: organization-defined techniques and methods]; c. Invoke internal monitoring capabilities or deploy monitoring devices: 1. Strategically within the system to collect organization-determined essential information; and 2. At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Protect information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; f. Obtain legal opinion regarding system monitoring activities; and g. Provide [Assignment: organization-defined system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Monitor sessions and operations within TLS encrypted connections to detect attacks and indicators of potential attacks.

Appendix E References

B1

E. Barker, “Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms,” NIST SP 800-175B, Gaithersburg, MD, Aug. 2016. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175B.pdf.

B2

E. Barker and A. Roginsky, “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths,” National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A Revision 1, Gaithersburg, MD, Nov. 2015. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf.

B3

D. Cooper et al., “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” RFC 5280, May 2008. Available: https://tools.ietf.org/html/rfc5280.

B4

M. Crispin, “Internet Message Access Protocol – Version 4rev1,” RFC 3501, Mar. 2003. Available: https://tools.ietf.org/html/rfc3501.

B5

T. Dierks and E. Rescorla, “The Transport Layer Security (TLS) protocol version 1.2,” RFC 5246, Aug. 2008. Available: https://tools.ietf.org/html/rfc5246.

B6

Information Technology Laboratory, “Secure Hash Standard (SHS),” NIST, Federal Information Processing Standards PUB 180-4, Gaithersburg, MD, Aug. 2015. Available: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf.

B7

J. Klensin, “Simple Mail Transfer Protocol,” RFC 5321, Oct. 2008. Available: https://tools.ietf.org/html/rfc5321.

B8

P. Mockapetris, “Domain Names – Concepts and Facilities,” RFC 1034, Nov. 1987. Available: https://tools.ietf.org/html/rfc1034.

B9

K. Moriarty et al., “PKCS #12: Personal Information Exchange Syntax v1.1,” RFC 7292, July 2014. Available: https://tools.ietf.org/html/rfc7292.

B10

J. Myers and M. Rose, “Post Office Protocol – Version 3,” RFC 1725, Nov. 1994. Available: https://tools.ietf.org/html/rfc1725.

B11

NIST, “Framework for Improving Critical Infrastructure Cybersecurity,” Version 1.1, Gaithersburg, MD, Apr. 16, 2018. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.

B12

NIST, “Security and Privacy Controls for Information Systems and Organizations,” NIST SP 800-53 Rev. 5 (Draft), Gaithersburg, MD. Available: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft.

B13

T. Polk et al., “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations,” NIST SP 800-52 Revision 1, Gaithersburg, MD, Apr. 2014. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf.

B14

T. Pornin, “Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA),” RFC 6979, Aug. 2013. Available: https://tools.ietf.org/html/rfc6979.

B15

M. Pritikin et al., “Simple Certificate Enrollment Protocol draft-nourse-scep-23,” Internet Draft, Sept. 7, 2011. Available: https://tools.ietf.org/html/draft-nourse-scep-23.

B16

V. Rekhter et al., “A Border Gateway Protocol 4 (BGP-4),” RFC 4271, Jan. 2006. Available: https://tools.ietf.org/html/rfc4271.

B17

E. Rescorla, “HTTP over TLS,” RFC 2818, May 2000. Available: https://tools.ietf.org/html/rfc2818.

B18

J. Sermersheim, “Lightweight Directory Access Protocol (LDAP): The Protocol,” RFC 4511, June 2006. Available: https://www.ietf.org/rfc/rfc4511.txt.