Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Secure Management of Keys in Cryptographic Applications: Guidance for Organizations



Shirley M. Radack


This bulletin summarizes the information presented in NIST Special Publication (SP) 800-57, Recommendation for Key Management, Part 3, Application Specific Key Management Guidance. The publication supplements Parts 1 and 2 of SP 800-57, by providing guidance on the management of keys and the selection of cryptographic features of currently available applications and systems. Part 3 focuses on helping system installers and system administrators select and use currently available key management infrastructures, protocols, and applications. It recommends secure combinations of algorithm suites, key sizes and other related options, and discusses the implementation issues that impact the security effectiveness of an organization s key management processes. The bulletin discusses the currently available key management infrastructures, protocols and applications that are presented in Part 3.
ITL Bulletin -


authentication, authorization, availability, certification, confidentiality, cryptographic key, cryptographic module, cryptography, data integrity, digital signature, encryption, information security, information systems security, key management, private key, public key, public key infrastructure, security plan, validation


Radack, S. (2010), Secure Management of Keys in Cryptographic Applications: Guidance for Organizations, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 15, 2024)
Created February 24, 2010, Updated February 19, 2017