NIST logo

Publication Citation: Recommendation for Key Management - Part 2: Best Practices for Key Management Organization

NIST Authors in Bold

Author(s): William C. Barker; Elaine B. Barker; William E. Burr; William T. Polk; Miles E. Smid;
Title: Recommendation for Key Management - Part 2: Best Practices for Key Management Organization
Published: August 25, 2005
Abstract: Best Practices for Key Management Organization, Part 2 of the Recommendation for Key Management is intended primarily to address the needs of system owners and managers. It provides context, principles, and implementation guidelines to assist in implementation and management of institutional key management systems. It identifies applicable laws and directives concerning security planning and management, and suggests approaches to satisfying those laws and directives with a view to minimizing the impact of management overhead on organizational resources and efficiency. This guideline acknowledges that planning and documentation requirements associated with small scale or single system cryptographic applications will not need to be as elaborate as those required for large and diverse government agencies supported by a number of general support systems and major applications. However, any organization that employs cryptography to provide security services is required to have policy, practices and planning documentation at some level or number of levels.Part 2 of the Recommendation for Key Management first identifies the structural and functional elements common to effective key management systems; second, identifies security planning requirements, general security policies and practices necessary to effective institutional key management; and finally, offers suggestions regarding how key management policies and procedures might be incorporated into security planning documentation that is already required by various Federal laws and directives.
Citation: NIST SP - 800-57 Pt2
Keywords: accreditation;certification;cryptographic key;digital signature;key management;key management policy;public key;public key infrastructure;security plan
Research Areas: Computer Security, Cybersecurity
PDF version: PDF Document Click here to retrieve PDF version of paper (405KB)