Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Recommendation for Key Management - Part 2: Best Practices for Key Management Organization



Elaine B. Barker, William C. Barker, William E. Burr, William Polk, Miles E. Smid


Best Practices for Key Management Organization, Part 2 of the Recommendation for Key Management is intended primarily to address the needs of system owners and managers. It provides context, principles, and implementation guidelines to assist in implementation and management of institutional key management systems. It identifies applicable laws and directives concerning security planning and management, and suggests approaches to satisfying those laws and directives with a view to minimizing the impact of management overhead on organizational resources and efficiency. This guideline acknowledges that planning and documentation requirements associated with small scale or single system cryptographic applications will not need to be as elaborate as those required for large and diverse government agencies supported by a number of general support systems and major applications. However, any organization that employs cryptography to provide security services is required to have policy, practices and planning documentation at some level or number of levels.Part 2 of the Recommendation for Key Management first identifies the structural and functional elements common to effective key management systems; second, identifies security planning requirements, general security policies and practices necessary to effective institutional key management; and finally, offers suggestions regarding how key management policies and procedures might be incorporated into security planning documentation that is already required by various Federal laws and directives.
Special Publication (NIST SP) - 800-57 Pt2
Report Number
800-57 Pt2


accreditation, certification, cryptographic key, digital signature, key management, key management policy, public key, public key infrastructure, security plan


Barker, E. , Barker, W. , Burr, W. , Polk, W. and Smid, M. (2005), Recommendation for Key Management - Part 2: Best Practices for Key Management Organization, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 13, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created August 24, 2005, Updated October 12, 2021