Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations: NIST SP 800-52 Rev. 2

NIST has published Special Publication (SP) 800-52 Revision 2, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations."

Given the nature of interconnected networks and the use of the internet to share information, the protection of sensitive data can become difficult if proper mechanisms are not employed. Any network service that handles sensitive or valuable data—whether it is personally identifiable information (PII), financial data, or login information—needs to adequately protect that data. Transport Layer Security (TLS) protocols were created to provide authentication, confidentiality, and data integrity protection between a client and server. The initiative to secure connections will enhance privacy, increase trust that data and services are authentic, and prevent undetected modification of data from government servers while in transit.

NIST announces the publication of NIST Special Publication (SP) 800-52 Revision 2, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations," which provides guidance for selecting and configuring TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. It requires that all government TLS servers and clients support TLS 1.2 configured with FIPS-based cipher suites and recommends that agencies develop migration plans to support TLS 1.3 by January 1, 2024. This Special Publication also provides guidance on certificates and TLS extensions that impact security.

Released August 29, 2019, Updated September 26, 2019