NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Recommendation for Key Management - Part 2: Best Practices for Key Management Organization

Published

Author(s)

Elaine B. Barker, William C. Barker, William E. Burr, William Polk, Miles E. Smid

Abstract

Best Practices for Key Management Organization, Part 2 of the Recommendation for Key Management is intended primarily to address the needs of system owners and managers. It provides context, principles, and implementation guidelines to assist in implementation and management of institutional key management systems. It identifies applicable laws and directives concerning security planning and management, and suggests approaches to satisfying those laws and directives with a view to minimizing the impact of management overhead on organizational resources and efficiency. This guideline acknowledges that planning and documentation requirements associated with small scale or single system cryptographic applications will not need to be as elaborate as those required for large and diverse government agencies supported by a number of general support systems and major applications. However, any organization that employs cryptography to provide security services is required to have policy, practices and planning documentation at some level or number of levels.Part 2 of the Recommendation for Key Management first identifies the structural and functional elements common to effective key management systems; second, identifies security planning requirements, general security policies and practices necessary to effective institutional key management; and finally, offers suggestions regarding how key management policies and procedures might be incorporated into security planning documentation that is already required by various Federal laws and directives.
Citation
Special Publication (NIST SP) - 800-57 Pt2
Report Number
800-57 Pt2
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs
Superceded By Publication
Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations

Download Paper

DOI Link

Keywords

accreditation, certification, cryptographic key, digital signature, key management, key management policy, public key, public key infrastructure, security plan
Cryptography

Citation

Barker, E. , Barker, W. , Burr, W. , Polk, W. and Smid, M. (2005), Recommendation for Key Management - Part 2: Best Practices for Key Management Organization, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-57p2 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created August 24, 2005, Updated October 12, 2021
Was this page helpful?