February 1, 2024 at 05:44PM
Companies in finance and health care need to adopt TLS 1.3 for cybersecurity, but it complicates data audits. NIST released guide SP 1800-37 to help organizations implement TLS 1.3 while still conducting network monitoring and auditing securely. It addresses these challenges, offering techniques for key access and securing data. NIST is seeking public feedback by April 1, 2024.
The meeting notes provide an overview of the National Institute of Standards and Technology’s (NIST) new draft practice guide, “Addressing Visibility Challenges with TLS 1.3 within the Enterprise” (NIST Special Publication (SP) 1800-37). This guide aims to help companies, especially those in major industries like finance and health care, implement TLS 1.3 for securing data while complying with regulations that require continuous monitoring and auditing for cyberattacks.
The guide offers technical methods that let businesses use TLS 1.3 to protect their data while still meeting auditing and cybersecurity requirements. It emphasizes the importance of maintaining web security by protecting cryptographic keys, and of overcoming the challenges posed by the TLS 1.3 update, which does not support the tools necessary for conducting audits. The guide presents six techniques to address these challenges and ensure secure access to the keys for monitoring and audit purposes.
Additionally, NIST is requesting public comments on the draft practice guide until April 1, 2024. The guide is part of a five-volume series; two volumes are already available, and the remaining three are targeted at IT professionals and focus on risk and compliance management.
For questions or to submit comments on the draft practice guide, the authors can be contacted at [email protected].