Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Draft SP 1800-16 (Volumes A and B), "Securing Web Transactions: TLS Server Certificate Management" is Available for Comment

The NCCoE seeks comments on Volumes A and B of Draft SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management." Public comments are due by December 31, 2018.

The National Cybersecurity Center of Excellence (NCCoE)  has released preliminary drafts for Volume A (Executive Summary) and Volume B (Approach, Architecture and Security Characteristics) from NIST Cybersecurity Practice Guide SP 1800-16, Securing Web Transactions: TLS Server Certificate Management, for public comment. This project is using commercially available technologies to develop a cybersecurity reference design that demonstrates how to establish, assign, change and track an inventory of Transport Layer Security (TLS) certificates in medium and large enterprises. Improper oversight of TLS server certificates--which can number into the thousands for a single organization--can cause system outages and security breaches, which can result in revenue loss, harm to reputation, and exposure of confidential data to attackers.

The public comment period is open until December 31, 2018. See the publication details for links to the document and instructions for submitting comments.

We will use this feedback to help shape the latter volumes of this guide, scheduled for release in full (Volumes A,B,C,D) in the spring of 2019. In the interim, organizations can start adopting NIST's recommended best practices surrounding the oversight of large scale TLS server certificates. 
 
 
 

Released November 29, 2018, Updated January 30, 2019