 NIST NCCoE Publishes Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3
The NIST National Cybersecurity Center of Excellence (NCCoE) has released the final practice guide, NIST SP 1800-37, Addressing Visibility Challenges with TLS 1.3. This practice guide illustrates practical approaches that users can adopt to gain visibility into Transport Layer Security (TLS) 1.3-protected network traffic for application servers within their controlled enterprise data centers.
Many enterprises rely on network monitoring and inspection tools to implement critical cybersecurity, operational, and regulatory controls, such as intrusion detection, troubleshooting, and fraud monitoring. Some of these organizations have faced challenges migrating to TLS 1.3 because some of the techniques used with TLS 1.2 to gain network traffic visibility no longer work with TLS 1.3. NIST collaborated with private sector collaborators to demonstrate that necessary visibility within the enterprise can be achieved while implementing TLS 1.3.
Working with private sector collaborators, NIST demonstrated approaches to achieve visibility into network traffic within enterprise data centers, while promoting enterprise migration from TLS 1.2 to TLS 1.3. Addressing these visibility concerns also enables organizations to migrate to quantum resistant algorithms introduced in TLS 1.3.
NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: applied-crypto-visibility@nist.gov
NCCoE Website questions: nccoe@nist.gov
|
