Thank you for your interest in commenting on the draft practice guide NIST Special Publication SP 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management. The authors will review and adjudicate all comments received before publishing the next version. We appreciate you taking the time to read through and provide feedback to help the NCCoE refine this document.
You may submit comments using the form on this page or by emailing them to firstname.lastname@example.org. Anonymous comments are accepted, although including your name and contact information will enable the authors to contact you for clarification, if necessary. Please note that all comments received are subject to release under the Freedom of Information Act. Please do not submit confidential business information or otherwise sensitive or protected information. A call for patent claims in included on page two of Volume C. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
As you review the document, here are a few questions to consider:
- Has the draft guide provided the necessary guidance to help you establish and/or refine a formal TLS server certificate management program within your organization?
- If your organization has experienced challenges associated with managing TLS server certificates and keys, was the draft guide useful in helping you develop and execute a plan to overcome these obstacles?
- Do you have feedback on the TLS server certificate management policies and management capabilities recommended in Volume B, or on the roles or responsibilities recommended for adhering to those policies and capabilities?
- Do you have feedback on the approach, architecture, and security characteristics that are recommended in Volume C?
- What are your thoughts on the instructions for building the example solution in the "How-To-Guides" featured In Volume D?
The comment period for this draft document closed on September 13, 2019.