United States of America: Closed Consultation on NIST Practice Guide for TLS 1.3 Internet Security Protocol Implementation

Description

Closed Consultation on NIST Practice Guide for TLS 1.3 Internet Security Protocol Implementation

On 1 April 2024, the National Institute of Standards and Technology (NIST) closed its consultation on the draft practice guide, "Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37)". The guide, developed at the NIST National Cybersecurity Center of Excellence (NCCoE), offers technical methods to help businesses in key industries such as finance and healthcare comply with the most up-to-date ways of securing data that travels over the public internet to their internal servers, while simultaneously adhering to regulations that require continuous monitoring and auditing of this data for evidence of malware and other cyberattacks. Furthermore, the guide outlines six techniques for organisations to access encryption keys securely, safeguarding data from unauthorised access. Despite TLS 1.3 discarding keys upon receiving data, the guide's methods enable organisations to retain raw and decrypted data temporarily for security monitoring. This information is stored securely for audit and forensics but is destroyed after security processing. While risks exist in storing keys, the NIST guide presents secure alternatives.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services, search service provider, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2024-01-30
in consultation

On 30 January 2024, the National Institute of Standards and Technology (NIST) opened a consultation…

2024-04-01
processing consultation

On 1 April 2024, the National Institute of Standards and Technology (NIST) closed its consultation …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.