Overview
NIST.SP.800-57 is a NIST Special Publication titled Recommendation for Key Management.
NIST.SP.800-57 is a NIST Special Publication series which consists of the following parts:
NIST.SP.800-57 Part 1 General
NIST.SP.800-57 Part 1 is intended to advise developers and system administrators on the "best practices" associated with Key Management. Cryptographic module developers may benefit from this general guidance by obtaining a greater understanding of the key management features that are required to support specific, intended ranges of applications. Protocol developers may identify Key Management characteristics associated with specific suites of algorithms and gain a greater understanding of the security services provided by those algorithms.
NIST.SP.800-57 Part 2 Best Practices for Key Management Organizations
NIST.SP.800-57 Part 2 is intended primarily to address the needs of system owners and managers. It provides a framework and general guidance to support establishing cryptographic key management within an organization and a basis for satisfying the key management aspects of statutory and policy security planning requirements for United States federal government Entities.
NIST.SP.800-57 Part 3 Application-Specific Key Management Guidance
NIST.SP.800-57 Part 3 is intended to address the Key Management issues associated with currently available implementations.
NIST.SP.800-57 Part 3 of the Recommendation for Key Management is intended primarily to help system administrators and system installers adequately secure applications based on product availability and organizational needs and to support organizational decisions about future procurements. The guide also provides information for end users regarding application options left under their control in normal use of the application. Recommendations are given for a select set of applications, namely:
- Section 2 - Public Key Infrastructures (PKI)
- Section 3 - Internet Protocol Security (IPsec)
- Section 4 - Transport Layer Security (TLS)
- Section 5 - Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Section 6 - Kerberos
- Section 7 - Over-the-Air Rekeying of Digital Radios (OTAR)
- Section 8 - Domain Name System Security Extensions (DNSSEC)
- Section 9 - Encrypted File Systems (EFS)