The National Institute of Standards and Technology Special Publication (SP) 800-57 Part 1 Revision 5, Recommendation for Key Management: Part 1 – General provides general guidance and best practices for the management of cryptographic keying material.
Among other changes, NIST announced this revision emphasizes the protection needed for the metadata associated with keys and includes discussions on access control, identity authentication; inventory management for keys and certificates; provides guidance consistent with – Federal Information Processing Standards (FIPS) Publication 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, and – SP 800-63, Digital Identity Guidelines.
Appendix C contains a complete list of changes.
The draft recommendation consists of three parts.
Part 1 provides general guidance and best practices for management of cryptographic keying material, including:
- definitions of the security services that may be provided when using cryptography and the algorithms and key types that may be employed;
- specifications of the protection that each type of key and other cryptographic information requires and methods for providing this protection;
- discussions about the functions involved in key management; and
- discussions about a variety of key-management issues to be addressed when using cryptography.
Part 2 provides guidance on policy and security planning requirements for U.S. Government agencies.
Part 3 provides guidance when using the cryptographic features of current systems.
Publication details:
https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/draft
The public comment period for the draft is open through Dec. 6, 2019. Please email comments to: keymanagement@nist.gov