Tips for Cryptographic Key Management
NIST Guidance Offers a Framework for Designers
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems.
NIST Special Publication 800-130, A Framework for Designing Cryptographic Key Management Systems, describes topics that designers should consider when developing specifications.
NIST says the goal of the framework is to guide designers in creating a complete, uniform specification that can be used to build, procure and evaluate the desired cryptographic key management system. The framework:
- Helps define the design task by requiring the specification of significant capabilities;
- Encourages designers to consider the factors needed in a comprehensive cryptographic key management system;
- Spurs designers to consider factors and mechanisms that, if properly addressed, can provide security to the system;
- Compares different compliant cryptographic key management systems and their capabilities;
- Aids in performing a security assessment by requiring the specification of implemented and supported cryptographic key management system capabilities; and
- Forms the basis for a federal cryptographic key management system profile.
"For each topic, there are one or more documentation requirements that need to be addressed by the design specification," the guidance says. "Thus, any CKMS that addresses each of these requirements would have a design specification that is compliant with this framework."