Part 1: General - Computer Security Resource Center - National ...
March, 2007
1.2 Audience

The audiences for the Recommendation for Key Management include system or application
owners and managers, cryptographic module developers, protocol developers, and system
administrators. The recommendation has been provided in three parts. The different parts into
which the recommendation has been divided have been tailored to specific audiences.

Part 1 of this recommendation provides general key management guidance that is intended to be
useful to both system developers and system administrators. Cryptographic module developers
may benefit from this general guidance through a greater understanding of the key management
features that are required to support specific intended ranges of applications. Protocol developers
may identify key management characteristics associated with specific suites of algorithms and
gain a greater understanding of the security services provided by those algorithms. System
administrators may use this recommendation to determine which configuration settings are most
appropriate for their information.

Part 2 of this recommendation is tailored for system or application owners for use in identifying
appropriate organizational key management infrastructures, establishing organizational key
management policies, and specifying organizational key management practices and plans.

Part 3 of this recommendation is intended to provide guidance to system administrators
regarding the use of cryptographic algorithms in specific applications, the selection of products
to satisfy specific operational environments, and the appropriate configuration of the products.

Though some background information and rationale are provided for context and to support
recommendations, this document assumes that the reader has a basic understanding of
cryptography. For background material, readers may look to a variety of NIST and commercial
publications. [SP800-21] includes a brief introduction to cryptography. [SP800-5] and
[SP800-32] provide an introduction to public key infrastructure. A mathematical review of cryptography
and cryptographic algorithms is found in [HAC] and [AC].
1.3 Scope

This recommendation encompasses cryptographic algorithms, infrastructures, protocols, and
applications, and the management thereof. All cryptographic algorithms currently Approved by
NIST for the protection of unclassified but sensitive information are in scope.

This recommendation focuses on issues involving the management of cryptographic keys: their
generation, use, and eventual destruction. Related topics, such as algorithm selection and
appropriate key size, cryptographic policy, and cryptographic module selection, are also included
in this recommendation. Some of the topics noted above are addressed in other NIST standards
and guidance. This recommendation supplements more focused standards and guidelines.

This recommendation does not address implementation details for cryptographic modules that
may be used to achieve the security requirements identified. These details are addressed in
[SP800-21], [FIPS140-2], and the derived test requirements (available at
http://csrc.nist.gov/cryptval/).

This recommendation also does not address the requirements or procedures for operating an
archive other than discussing the types of keying material that are appropriate to include in an
archive and the protection to be provided to the archived keying material.