TRENDING:

Tips for Cryptographic Key Management

NIST Guidance Offers a Framework for Designers Eric Chabrow (GovInfoSecurity) • August 26, 2013    
Tips for Cryptographic Key Management

The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

NIST Special Publication 800-130, A Framework for Designing Cryptographic Key Management Systems, describes topics that designers should consider when developing specifications.

NIST says the goal of the framework is to guide designers in creating a complete, uniform specification that can be used to build, procure and evaluate the desired cryptographic key management system. The framework:

  • Helps define the design task by requiring the specification of significant capabilities;
  • Encourages designers to consider the factors needed in a comprehensive cryptographic key management system;
  • Spurs designers to consider factors and mechanisms that, if properly addressed, can provide security to the system;
  • Compares different compliant cryptographic key management system systems and their capabilities;
  • Aids in performing a security assessment by requiring the specification of implemented and supported cryptographic key management system capabilities; and
  • Forms the basis for a federal cryptographic key management system profile.

"For each topic, there are one or more documentation requirements that need to be addressed by the design specification," the guidance says. "Thus, any CKMS that addresses each of these requirements would have a design specification that is compliant with this framework."

Previous
DoD Taps New Leader for Info Sharing Program
Next
Employing Roaming as Backup to Mobile Networks

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Protocol Isolation: The Key to Securing OT Environments
Protocol Isolation: The Key to Securing OT Environments
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Joe Sullivan on What CISOs Need to Know About the Uber Trial
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.