Comments on SP 1800-16, Securing Web Transactions: TLS Server Certificate Management

Thank you for your interest in commenting on the Security Web Transactions: Transport Layer Security (TLS) Certificate Management Practice Guide, Volumes A and B. Comments can be supportive or critical and may include suggestions of changes or additions that you believe will improve the project.

As you review these volumes, please consider how they might apply to your own organization, and please share your feedback and experiences with us. Here are a few questions to consider:

  • Has the draft guide helped your organization recognize the importance of establishing a formal TLS server certificate management program to protect business operations?
  • Has the draft guide provided the guidance needed to establish and/or refine a formal TLS server certificate management program?
  • Do you have feedback on the implementation of a formal TLS server certificate management program?
  • Do you have feedback on the TLS server certificate management policies recommended in Volume B, or on the roles or responsibilities recommended for adhering to those policies?
  • Do you have feedback on the TLS server certificate management capabilities that are recommended in Volume B?
  • If your organization has experienced challenges associated with managing TLS server certificates and keys, did you find the draft guide to be useful?

Please submit comments through the form on this page. Or, to help coordinate comments within your organization, you may use this template to collect feedback and may email the worksheet to tls-cert-mgmt-nccoe@nist.gov.

Respondents can include the name of the person or organization filing the comment, which will allow us to contact you for clarity, if necessary. Anonymous comments will also be accepted. 

Please note: All comments received are a part of the public record and will generally be included in the final document without change. All personally identifiable information (for example, name and address) voluntarily submitted by the commenter may be publicly accessible. Please do not submit confidential business information or otherwise sensitive or protected information. 

The comment period for this draft practice guide is open through December 31, 2018.  

Image CAPTCHA