United States of America: Opened Consultation on NIST Practice Guide for TLS 1.3 Internet Security Protocol Implementation

On 30 January 2024, the National Institute of Standards and Technology (NIST) opened a consultation on the draft practice guide, "Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37)". The consultation remains open for public comments until 1 April 2024. The guide aims to help businesses in key industries such as finance and healthcare implement the latest internet security protocol, TLS 1.3, and perform required network monitoring and auditing in a safe, secure and effective manner. Furthermore, the guide outlines six techniques for organisations to access encryption keys securely, safeguarding data from unauthorised access. Despite TLS 1.3 discarding keys upon receiving data, the guide's methods enable organisations to retain raw and decrypted data temporarily for security monitoring. This information is stored securely for audit and forensics but is destroyed after security processing. While risks exist in storing keys, the NIST guide presents secure alternatives.