NIST National Cybersecurity Center of Excellence (NCCoE) published on 18 July 2019 the final draft of the NIST SP 1800-16, which is open for comments until 13 September 2019.
The full draft comprises the following volumes:
- SP 1800-16A: Executive Summary
- SP 1800-16B: Security Risks and Recommended Best Practices
- SP 1800-16C: Approach, Architecture, and Security Characteristic
- SP 1800-16D: How-To-Guides
The Importance of NIST SP 1800-16
This is point where you might say “Why do I need one more publication for cryptographic material management or certificate management?” Well, on the surface you may be right, but…
Existing NIST publications, such as FIPS 140-2, SP 800-53, SP 800-57 Parts 1 & 2, Cybersecurity Framework are designed mostly for crypto managers, while SP 800-52 deals with the secure implementation and configuration of TLS servers.
"NIST SP 1800-16 has a business-oriented purpose."
The publication demonstrates, using commercially available technologies, how medium and large enterprises that rely on TLS can secure both customer-facing and internal applications and can better manage TLS server certificates by:
- Defining operational and security policies; identifying roles and responsibilities.
- Establishing comprehensive certificate inventories and ownership tracking.
- Conducting continuous monitoring of certificate operational and security status.
- Automating certificate management to minimize human error and maximize efficiency on a large scale.
- Enabling rapid migration to new certificates and keys when cryptographic mechanisms are found to be weak, compromised or vulnerable.
This practice guide can benefit executives, Chief Information Security Officers, system administrators, or anyone who has a stake in protecting his or her organization's data, privacy, and overall operational security.
"The executive summary is a perfect tool to reach out to your executives and gain their sponsorship."
It is written in simple language, providing in just three pages, all there is to know about certificate management, risks and solutions. It can be perfect for educating your bosses.
Volume B provides best practices and recommendations on how to develop policies for certificate management. Most certificate owners are typically not knowledgeable about the best practices for effectively managing TLS server certificates. Because certificate owners are responsible for the systems where certificates are deployed, it is imperative that they be provided with clear requirements and that those requirements be enforced as policies. This volume provides recommended TLS server certificate requirements and policies.
These requirements are bonded with recommended responsibilities for the certificate owners and the Certificate Services team in order to successfully meet those requirements and policies. Organizations should feel free to plagiarize, copy, delete, augment, or modify these recommended policies and responsibilities as needed to suit their own requirements.
It isn’t necessary to implement all requirements
First of all you need to identify your stakeholders who are needed to define and enforce your policies. Pick the policies you need, the ones that better address the most important risks to your organizations, modify and/or enhance the text to fit the needs of your organization. Then, you need to review the tailored requirements with all stakeholders so as to determine whether they are achievable, and they address your organizational risks. As a final step, you should define who is responsible to do what. Accountability is the factor that drives success.
Finally, organizations can advance their TLS management efforts by reading Volume C which explains the approach, architecture, and security characteristics, and Volume D which contains the how-to-guides to build the example solutions.
The Case for NIST SP 1800-16
The internet has enabled rapid, seamless commerce across the globe. This is possible only because connections across the internet are trusted to be secure. Transport Layer Security (TLS) is fundamental to this trust. TLS, in turn, depends on TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably authenticated. The TLS certificate enables anybody connecting to a system to know that they are sending their data to the right place. In addition, it also enables establishment of secure connections so that no one in the middle can eavesdrop on communications.
Even though TLS certificates are critical to the security of both internet-facing and private web services,
"many organizations do not have the ability to centrally monitor and manage their certificates."
Instead, certificate management tends to be spread across different groups responsible for the various servers and systems in an organization, which even worse might be geographically distant. Central security teams struggle to make sure that certificates are being properly managed by each of these disparate groups.
TLS Certificate Risks
This lack of a central certificate management service puts the organization at risk because once certificates are deployed, they require regular monitoring and maintenance.
Organizations that improperly manage their certificates risk system outages and security breaches, which can result in revenue loss, harm to reputation, and exposure of confidential data to attackers. There are four primary types of negative incidents that result from certificate mismanagement:
1. Business application outages due to expired certificates
Nearly every enterprise has experienced an application outage due to an expired certificate, including outages to major applications such as online banking, stock trading, health records access, and flight operations. Troubleshooting an incident where an application is unavailable due to an expired certificate can be complex, often requires hours to discover the source of the problem and costs enormously high amounts of money, not to mention loss of customer trust, and reputational damage.
2. Undetected pivoting by attackers
While TLS server certificates enable confidentiality for legitimate communications, they can also allow attackers to hide their malicious activities within encrypted TLS connections. An attacker who establishes an encrypted connection can then begin to probe the server for vulnerabilities within that encrypted connection
3. Lack of crypto-agility
Organizations need to swiftly change TLS certificates affected by either a CA compromise or a deprecated algorithm (such as SHA-1) or protocol. The advancement of quantum computing makes the requirement of crypto-agility even more mission critical. If organizations require several weeks or even months to replace all affected certificates, during that time business applications can be either unavailable or vulnerable to security breaches.
4. Server impersonation
An attacker may be able to impersonate a legitimate TLS server if the attacker is able to get a fraudulent or a compromised certificate. The attacker, then, can intercept the otherwise encrypted communications and acquire sensitive and valuable information, such as passwords intended for login to the legitimate server.
At the core of the TLS certificate management challenges is the fact that:
"certificate services teams are greatly outnumbered by certificate owners."
TLS server certificates have a broad, enterprise-wide distribution. In addition, the processes needed to manage certificates, the multiple roles involved in certificate management and issuance, and the speed at which new TLS servers are being deployed are making certificate management even more complex and challenging.
TLS server certificates are typically issued by a Certificate Services team (often called PKI team), which is responsible for external and internal CAs, maintaining the certificate portal, running the help desk and assisting/supporting the certificate owners. However, the certificates are commonly installed and managed by the certificate owners, who are the groups and the system administrators responsible for individual web servers, application servers, network appliances, and other devices for which certificates are used.
The certificate owners typically are not knowledgeable about the risks associated with certificates or the best practices for effectively managing certificates.
Because the certificate services teams do not have the resources or access required to directly manage the deployed certificates, they are often engaged in a blame-game when TLS certificate incidents, such as outages, occur.
Policies, Roles and Responsibilities
To effectively address the risks and organizational challenges related to TLS server certificates,
"organizations should establish a formal TLS certificate management program."
This program would fall under your overall machine identity management strategy.
For this program to succeed it is vital to seek and get executive leadership, guidance, and support. The formal TLS certificate management program should include clearly defined policies, processes, and roles and responsibilities for the certificate owners and the Certificate Services team, as well as a central Certificate Service. The program should be driven by the Certificate Services team but should include active participation by the certificate owners, whether they are responsible for traditional servers, appliances, virtual machines, cloud-based applications, DevOps, or other systems acting as TLS servers. It is also important that the various stages of the program run in parallel so as to achieve going live in a coordinated manner and within limited time span.
As mentioned before, in order to ensure the policy implementation, you should make sure to gain sponsorship from your executives so that they understand and support your requirements and responsibilities. Your executive can then educate their bosses about the need for policy requirements and can talk to their peers—the certificate owners executives—about their roles and responsibilities. Executive and leadership sponsorship can help enforce the policies, roles and responsibilities.
Your goal is to achieve enterprise-wide machine identity management to minimize the risks that come with poor certificate management. NIST SP 1800-16 can certainly help you.
NIST SP 1800-16 has been published in the NIST NCCoE website for public comment. The comment period is open until Friday, September 13, 2019. NIST also accepts comments via email at email@example.com.