TLS Server Certificate Management NIST Publication

Yesterday the National Institute of Standards and Technology (NIST) released a new Special Publication, SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management". It is written as a practice guide and covers security best practices and recommendations for almost everything involved in managing TLS server certificates.

The guide was written in collaboration with DigiCert, Venafi, Thales, F5, MITRE and Symantec, all of them well-known technology and security companies.

The document has four parts:

  1. An Executive Summary
  2. Security Risks and Recommended Best Practices
  3. Approach, Architecture and Security Characteristics
  4. How-to Guides

It is essential reading for anyone administering TLS server certificates at scale: it explains how to establish a formal TLS certificate management program and enumerates the elements that should be considered for inclusion in such a program.

It addresses some specific challenges, such as: automatic renewal of certificates in production environments; working with TLS certificates in DevOps pipelines; an architecture for detecting attacks hidden inside TLS connections, which requires being able to inspect the encrypted traffic; recommendations for key lengths, signing algorithms and certificate validity periods; recommendations for crypto-agility (a very popular topic in cryptography these days); and much more.
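Several of those items (key lengths, signing algorithms, validity periods, renewal before expiry, crypto-agility across key types) are exactly the checks a certificate management program automates against its inventory. The Go program below is an added example written for this post, not code from NIST or from any of the SP 1800-16 collaborators. It applies a policy to parsed X.509 certificates and returns, per certificate, the policy violations and whether the certificate should be handed to automated renewal. The thresholds (2048-bit RSA, 256-bit EC, 398-day maximum validity, 30-day renewal lead time) are assumptions chosen for the example, not figures from the publication; the inventory it audits is constructed inline (one freshly minted self-signed P-256 certificate plus two in-memory records standing in for legacy servers) and the hostnames are placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const ( // policy thresholds: assumed values for this example, not figures from SP 1800-16
	minRSABits, minECBits = 2048, 256
	maxValidityDays       = 398 // ceiling public CAs enforce today; assumed as the internal limit too
	renewBeforeDays       = 30  // hand the cert to automated renewal this far before NotAfter
)

type Finding struct {
	Subject string
	Issues  []string
	Renew   bool
}

var weakSigAlgs = map[x509.SignatureAlgorithm]bool{ // signature algorithms the program refuses
	x509.MD2WithRSA: true, x509.MD5WithRSA: true, x509.SHA1WithRSA: true, x509.ECDSAWithSHA1: true,
}

// checkCert applies the policy to one parsed certificate as of time now.
func checkCert(cert *x509.Certificate, now time.Time) Finding {
	f := Finding{Subject: cert.Subject.CommonName}
	if weakSigAlgs[cert.SignatureAlgorithm] {
		f.Issues = append(f.Issues, "weak signature algorithm "+cert.SignatureAlgorithm.String())
	}
	switch k := cert.PublicKey.(type) { // crypto-agility: several key types, a strength floor for each
	case *rsa.PublicKey:
		if k.N.BitLen() < minRSABits {
			f.Issues = append(f.Issues, fmt.Sprintf("RSA key too short: %d bits", k.N.BitLen()))
		}
	case *ecdsa.PublicKey:
		if k.Curve.Params().BitSize < minECBits {
			f.Issues = append(f.Issues, fmt.Sprintf("EC curve too small: %d bits", k.Curve.Params().BitSize))
		}
	}
	if v := cert.NotAfter.Sub(cert.NotBefore); v > maxValidityDays*24*time.Hour {
		f.Issues = append(f.Issues, fmt.Sprintf("validity period too long: %.0f days", v.Hours()/24))
	}
	switch left := cert.NotAfter.Sub(now); {
	case left <= 0:
		f.Issues = append(f.Issues, "expired on "+cert.NotAfter.Format(time.RFC3339))
		f.Renew = true
	case left < renewBeforeDays*24*time.Hour:
		f.Renew = true
	}
	return f
}

// mintP256 creates and parses a self-signed P-256 certificate (constructed sample data).
func mintP256(cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// rsaRecord is an unsigned in-memory stand-in for a legacy server's certificate (modulus 2^(bits-1)).
func rsaRecord(cn string, alg x509.SignatureAlgorithm, bits int, notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{
		Subject: pkix.Name{CommonName: cn}, SignatureAlgorithm: alg,
		PublicKey: &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), uint(bits-1)), E: 65537},
		NotBefore: notBefore, NotAfter: notAfter,
	}
}

// auditSampleFleet runs the policy over a constructed inventory of three certificates.
func auditSampleFleet(now time.Time) ([]Finding, error) {
	fresh, err := mintP256("api.example.test", now.Add(-70*24*time.Hour), now.Add(20*24*time.Hour)) // 90-day cert, 20 days left
	if err != nil {
		return nil, err
	}
	legacy := rsaRecord("legacy.example.test", x509.SHA1WithRSA, 1024, now.Add(-400*24*time.Hour), now.Add(425*24*time.Hour))
	expired := rsaRecord("old.example.test", x509.SHA256WithRSA, 2048, now.Add(-366*24*time.Hour), now.Add(-24*time.Hour))
	return []Finding{checkCert(fresh, now), checkCert(legacy, now), checkCert(expired, now)}, nil
}

func main() {
	findings, err := auditSampleFleet(time.Now())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s renew=%-5v issues=%v\n", f.Subject, f.Renew, f.Issues)
	}
}
```

Plugging this into a real inventory means replacing auditSampleFleet with a loop over certificates collected from the servers (pem.Decode followed by x509.ParseCertificate for PEM files, or the PeerCertificates of a tls.ConnectionState from a live connection) and feeding every Finding with Renew set to the renewal pipeline. Key types the switch does not name (Ed25519, for instance) currently pass the key check silently; a production policy should add a case for each type it permits and reject the rest.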

You can download the complete document from NIST's site:

https://www.nist.gov/publications/securing-web-transactions-tls-server-certificate-management