TLS Server Certificate Management
Transport Layer Security (TLS), a widely used cryptographic protocol, depends on TLS server certificates, each deployed together with its corresponding private key, to give systems unique identities that clients can reliably authenticate. However, many organizations lack the ability to centrally inventory, monitor, and manage those certificates and keys.
Formal TLS server certificate management programs to help large and medium enterprises identify and address their certificate risks
Project Abstract
Securing web transactions and other client-server communications is vital to organizations. This project used commercially available technologies to demonstrate how medium and large enterprises that rely on Transport Layer Security (TLS) can better manage their TLS server certificates by defining policies, establishing certificate inventories, continuously monitoring the operational and security status of certificates, and automating certificate management. The example solution can also enable rapid migration to new certificates and keys to address vulnerabilities or compromises.
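As an added illustration of the inventory and continuous-monitoring steps described above (this is not code from SP 1800-16 or from any collaborating vendor's product), the Go program below parses a PEM bundle of server certificates, records key type, signature algorithm, subjectAltNames and expiry for each, and evaluates every record against a small policy. The policy thresholds (30-day renewal window, 2048-bit RSA minimum), the host names, and the two certificates it inspects, which are minted inline as constructed sample input, are all assumptions; a real inventory would be fed by scanning endpoints or exporting from a certificate manager.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Policy holds hypothetical enterprise rules for TLS server certificates.
type Policy struct {
	RenewWithinDays int // flag certificates that expire inside this window
	MinRSABits      int // minimum acceptable RSA modulus size
}

// Record is one inventory entry plus the policy findings raised against it.
type Record struct {
	Subject  string
	Issuer   string
	SANs     []string
	NotAfter time.Time
	KeyInfo  string
	SigAlg   string
	Findings []string
}

// Inspect builds the inventory record for one parsed certificate and
// evaluates it against the policy as of `now`.
func Inspect(c *x509.Certificate, now time.Time, p Policy) Record {
	r := Record{Subject: c.Subject.CommonName, Issuer: c.Issuer.CommonName,
		SANs: c.DNSNames, NotAfter: c.NotAfter, SigAlg: c.SignatureAlgorithm.String()}
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		r.KeyInfo = fmt.Sprintf("RSA-%d", k.N.BitLen())
		if k.N.BitLen() < p.MinRSABits {
			r.Findings = append(r.Findings, fmt.Sprintf("rsa key %d bits below policy minimum %d", k.N.BitLen(), p.MinRSABits))
		}
	case *ecdsa.PublicKey:
		r.KeyInfo = "ECDSA-" + k.Curve.Params().Name
	default:
		r.KeyInfo = "unknown"
		r.Findings = append(r.Findings, "unrecognised public key type")
	}
	// Signatures over MD5 or SHA-1 are no longer acceptable for server certificates.
	switch c.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
		r.Findings = append(r.Findings, "weak signature algorithm "+r.SigAlg)
	}
	if len(c.DNSNames) == 0 {
		r.Findings = append(r.Findings, "no subjectAltName DNS entries")
	}
	if now.After(c.NotAfter) {
		r.Findings = append(r.Findings, "expired")
	} else if c.NotAfter.Sub(now) < time.Duration(p.RenewWithinDays)*24*time.Hour {
		r.Findings = append(r.Findings, fmt.Sprintf("expires in %d days", int(c.NotAfter.Sub(now).Hours()/24)))
	}
	return r
}

// InventoryFromPEM walks a PEM bundle and returns one Record per CERTIFICATE block.
func InventoryFromPEM(bundle []byte, now time.Time, p Policy) ([]Record, error) {
	var out []Record
	for {
		block, rest := pem.Decode(bundle)
		if block == nil {
			return out, nil
		}
		bundle = rest
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		out = append(out, Inspect(c, now, p))
	}
}

// NeedingAction filters the inventory down to certificates with at least one finding.
func NeedingAction(recs []Record) []Record {
	var out []Record
	for _, r := range recs {
		if len(r.Findings) > 0 {
			out = append(out, r)
		}
	}
	return out
}

// SelfSignedPEM mints a throwaway self-signed server certificate. It exists only
// to construct sample input for this example; it is not how production certificates are issued.
func SelfSignedPEM(cn string, sans []string, rsaBits int, notBefore, notAfter time.Time) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: sans,
		NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	now := time.Now()
	p := Policy{RenewWithinDays: 30, MinRSABits: 2048}
	good, _ := SelfSignedPEM("www.example.test", []string{"www.example.test"}, 2048, now.AddDate(0, -1, 0), now.AddDate(1, 0, 0))
	weak, _ := SelfSignedPEM("legacy.example.test", nil, 1024, now.AddDate(0, -11, 0), now.AddDate(0, 0, 10))
	recs, err := InventoryFromPEM(append(good, weak...), now, p)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, r := range recs {
		fmt.Printf("%-22s key=%s sig=%s notAfter=%s sans=%v\n", r.Subject, r.KeyInfo, r.SigAlg, r.NotAfter.Format("2006-01-02"), r.SANs)
		for _, f := range r.Findings {
			fmt.Printf("    finding: %s\n", f)
		}
	}
}
```

The findings list is the hook for automation: a record with an expiry finding feeds the renewal pipeline, and a record with a weak-key or weak-signature finding is a candidate for the rapid migration the abstract mentions. Checks that need network context, such as whether the issuer is an approved CA or whether the serving endpoint actually presents this certificate, would be layered on top of the same Record.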
In June 2020, the NCCoE finalized NIST Special Publication (SP) 1800-16, Securing Web Transactions: TLS Server Certificate Management. Volumes A and B of SP 1800-16 provide enterprises with actionable guidance to help them establish and implement a formal TLS server certificate management program. Volume C explains the approach, architecture, and security characteristics of the example solution demonstrated in the NCCoE laboratory, and Volume D contains the how-to-guides with instructions for building the example solution.
Executive leadership should establish formal TLS server certificate management programs across their enterprises.
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.