An update to a document that helps computer administrators maintain the security of information traveling across their networks just released from the National Institute of Standards and Technology (NIST).
The document, “NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations,” updates the original SP 800-52, released in 2005.
From credit card numbers to patient health information to social networking details, data need protection when transmitted across an insecure network, so administrators employ protocols that reduce the risk of bad guys intercepting that data and using it maliciously.
TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data passed back and forth. TLS works across a wide variety of everyday applications, including email, secure web browsing, instant messaging and voice-over-IP (VOIP).
The Internet Engineering Task Force found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues. SP 800-52 Rev. 1 offers guidance to administrators on how to use the new versions of TLS in their networks.
“TLS 1.1 and 1.2 offer administrators a great number of options,” said NIST computer security researcher Andrew Regenscheid. “We make recommendations in SP 800-52 Rev. 1 on how to configure those options, including which algorithms to use and the length of cryptographic keys.”
NIST published the original version of SP 800-52 in 2005, but withdrew it in March 2013 because the guideline had not yet been updated based on the new versions of TLS and known vulnerabilities. This new publication is the final version of SP 800-52 Rev. 1, which incorporates public comments to the draft version made in the fall of 2013.
Chief among the changes in SP 800-52 are the recommendations that government servers and clients move to TLS 1.1 and 1.2. It also recommends they adopt cipher suites with NIST-approved algorithms to support 112-bit security strength and higher.
Click here to download the updated version.