« Google and Apple's COVID-19 "Exposure Notifications" API partnership... | Main | The U.S. Department of Health and Human Services has published cybersecurity guidance as a reference for HIPAA compliance. »

2020.05.08

NIST SP 800-57 Part 1 Rev. 5 Recommendation for Key Management: Part 1 – General

Hello, this is Maruyama Mitsuhiko (丸山満彦).

NIST has published SP 800-57 Part 1 Rev. 5, Recommendation for Key Management: Part 1 – General.

NIST - ITL

・2020.05.04 (publication) SP 800-57 Part 1 Rev. 5 Recommendation for Key Management: Part 1 – General

-----
Abstract

This Recommendation provides cryptographic key-management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security services that may be provided when using cryptography and the algorithms and key types that may be employed, specifications of the protection that each type of key and other cryptographic information requires and methods for providing this protection, discussions about the functions involved in key management, and discussions about a variety of key-management issues to be addressed when using cryptography. Part 2 provides guidance on policy and security planning requirements for U.S. Government agencies. Part 3 provides guidance when using the cryptographic features of current systems.
-----

Publication:
 SP 800-57 Part 1 Rev. 5 (DOI)
 Local Download

Supplemental Material:
None available

Other Parts of this Publication:
 SP 800-57 Part 2 Rev. 1
 SP 800-57 Part 3 Rev. 1

Document History:
10/08/19: SP 800-57 Part 1 Rev. 5 (Draft)
05/04/20: SP 800-57 Part 1 Rev. 5 (Final)

Table of Contents

Executive Summary

1 Introduction

 1.1 Purpose

 1.2 Audience

 1.3 Scope

 1.4 Purpose of FIPS and NIST Recommendations (NIST Standards)

 1.5 Content and Organization

2 Glossary of Terms and Acronyms

 2.1 Glossary

 2.2 Acronyms

3 Security Services

 3.1 Confidentiality

 3.2 Data Integrity

 3.3 Authentication

 3.4 Authorization

 3.5 Non-repudiation

 3.6 Support Services

 3.7 Combining Services

4 Cryptographic Algorithms

 4.1 Cryptographic Hash Functions

 4.2 Symmetric-Key Algorithms

 4.3 Asymmetric-Key Algorithms

 4.4 Random Bit Generation

5 General Key-Management Guidance

 5.1 Key Types and Other Information

  5.1.1 Cryptographic Keys

  5.1.2 Other Related Information

 5.2 Key Usage

 5.3 Cryptoperiods

  5.3.1 Factors Affecting Cryptoperiods

  5.3.2 Consequence Factors Affecting Cryptoperiods

  5.3.3 Other Factors Affecting Cryptoperiods

   5.3.3.1 Communications versus Storage

   5.3.3.2 Cost of Key Revocation and Replacement

  5.3.4 Asymmetric Key Usage Periods and Cryptoperiods

  5.3.5 Symmetric Key Usage Periods and Cryptoperiods

  5.3.6 Cryptoperiod Recommendations for Specific Key Types

  5.3.7 Recommendations for Other Related Information

 5.4 Assurances

  5.4.1 Assurance of Integrity (Integrity Protection)

  5.4.2 Assurance of Domain Parameter Validity

  5.4.3 Assurance of Public-Key Validity

  5.4.4 Assurance of Private-Key Possession

  5.4.5 Key Confirmation

 5.5 Compromise of Keys and other Keying Material

  5.5.1 Implications

  5.5.2 Protective Measures

 5.6 Guidance for Cryptographic Algorithm and Key-Size Selection

  5.6.1 Comparable Algorithm Strengths

   5.6.1.1 Security Strengths of Symmetric Block Cipher and Asymmetric-Key Algorithms

   5.6.1.2 Security Strengths of Hash Functions and Hash-based Functions

  5.6.2 Using Algorithm Suites and the Effective Security Strength

  5.6.3 Projected Security Strength Time Frames and Current Approval Status

  5.6.4 Transitioning to New Algorithms and Key Sizes in Systems

  5.6.5 Decrease of Security Strength Over Time

6 Protection Requirements for Key Information

 6.1 Protection and Assurance Requirements

  6.1.1 Summary of Protection and Assurance Requirements for Cryptographic Keys

  6.1.2 Summary of Protection Requirements for Other Related Information

 6.2 Protection Mechanisms

  6.2.1 Protection Mechanisms for Key Information in Transit

   6.2.1.1 Availability

   6.2.1.2 Integrity

   6.2.1.3 Confidentiality

   6.2.1.4 Association with Usage or Application

   6.2.1.5 Association with Other Entities

   6.2.1.6 Association with Other Related Key Information

  6.2.2 Protection Mechanisms for Key Information in Storage

   6.2.2.1 Availability

   6.2.2.2 Integrity

   6.2.2.3 Confidentiality

   6.2.2.4 Association with Usage or Application

   6.2.2.5 Association with the Other Entities

   6.2.2.6 Association with Other Related Key Information

  6.2.3 Metadata for Keys

7 Key States and Transitions

 7.1 Pre-activation State

 7.2 Active State

 7.3 Suspended State

 7.4 Deactivated State

 7.5 Compromised State

 7.6 Destroyed State

8 Key-Management Phases and Functions

 8.1 Pre-operational Phase

  8.1.1 Entity Registration Function

  8.1.2 System Initialization Function

  8.1.3 Initialization Function

  8.1.4 Keying-Material Installation Function

  8.1.5 Key Establishment Function

   8.1.5.1 Generation and Distribution of Asymmetric Key Pairs

    8.1.5.1.1 Distribution of Public Keys

    8.1.5.1.2 Distribution of Ephemeral Public Keys

    8.1.5.1.3 Distribution of Centrally Generated Key Pairs

   8.1.5.2 Generation and Distribution of Symmetric Keys

    8.1.5.2.1 Key Generation

    8.1.5.2.2 Key Distribution

    8.1.5.2.3 Key Agreement

   8.1.5.3 Generation and Distribution of Other Keying Material

    8.1.5.3.1 Domain Parameters

    8.1.5.3.2 Initialization Vectors

    8.1.5.3.3 Shared Secrets

    8.1.5.3.4 RBG Seeds

    8.1.5.3.5 Other Public and Secret Information

    8.1.5.3.6 Intermediate Results

    8.1.5.3.7 Random Bits/Numbers

    8.1.5.3.8 Passwords

  8.1.6 Key Registration Function

 8.2 Operational Phase

  8.2.1 Normal Operational Storage Function

   8.2.1.1 Cryptographic Module Storage

   8.2.1.2 Immediately Accessible Storage Media

  8.2.2 Continuity of Operations Function

   8.2.2.1 Backup Storage

   8.2.2.2 Key Recovery Function

  8.2.3 Key Change Function

   8.2.3.1 Re-keying

   8.2.3.2 Key Update Function

  8.2.4 Key Derivation Methods
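
Section 7 of the table of contents above lists the six key states the Recommendation uses (pre-activation, active, suspended, deactivated, compromised, destroyed), and Section 5.3 covers cryptoperiods. The following is an added example, not code from NIST or from this post, that models those states as a small lifecycle state machine for a key-management service. The permitted transitions and the usage rules (only an active key applies protection; suspended, deactivated and compromised keys may only process data protected earlier, a compromised key only with explicit risk acceptance) are taken from the body of SP 800-57 Part 1, which this page does not reproduce; the `KeyRecord` class, the single cryptoperiod per key and the sample key identifiers are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Tuple


class KeyState(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    SUSPENDED = "suspended"
    DEACTIVATED = "deactivated"
    COMPROMISED = "compromised"
    DESTROYED = "destroyed"


# Permitted transitions, following SP 800-57 Part 1 Section 7 (not from the blog post).
# Destroyed is terminal; a key cannot be re-activated once deactivated.
TRANSITIONS = {
    KeyState.PRE_ACTIVATION: {KeyState.ACTIVE, KeyState.COMPROMISED, KeyState.DESTROYED},
    KeyState.ACTIVE: {KeyState.SUSPENDED, KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.SUSPENDED: {KeyState.ACTIVE, KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.DEACTIVATED: {KeyState.COMPROMISED, KeyState.DESTROYED},
    KeyState.COMPROMISED: {KeyState.DESTROYED},
    KeyState.DESTROYED: set(),
}

# "protect" = apply protection (encrypt, sign, wrap); "process" = undo or verify it.
# Only an active key may protect. Suspended, deactivated and compromised keys may only
# process previously protected data; a compromised key additionally needs accept_risk.
USAGE = {
    KeyState.PRE_ACTIVATION: frozenset(),
    KeyState.ACTIVE: frozenset({"protect", "process"}),
    KeyState.SUSPENDED: frozenset({"process"}),
    KeyState.DEACTIVATED: frozenset({"process"}),
    KeyState.COMPROMISED: frozenset({"process"}),
    KeyState.DESTROYED: frozenset(),
}


class IllegalTransition(Exception):
    pass


@dataclass
class KeyRecord:
    """Lifecycle metadata for one key (assumed structure; key material is deliberately absent)."""
    key_id: str
    cryptoperiod: timedelta                     # originator-usage period, counted from first activation
    state: KeyState = KeyState.PRE_ACTIVATION
    activated_at: Optional[datetime] = None
    history: List[Tuple[KeyState, KeyState, str]] = field(default_factory=list)  # audit trail

    def transition(self, new_state: KeyState, reason: str, at: datetime) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise IllegalTransition(f"{self.key_id}: {self.state.value} -> {new_state.value}")
        if new_state is KeyState.ACTIVE and self.activated_at is None:
            self.activated_at = at              # first activation starts the cryptoperiod clock
        self.history.append((self.state, new_state, reason))
        self.state = new_state

    def cryptoperiod_expired(self, at: datetime) -> bool:
        return self.activated_at is not None and at >= self.activated_at + self.cryptoperiod

    def can_use(self, op: str, at: datetime, accept_risk: bool = False) -> bool:
        if op not in USAGE[self.state]:
            return False
        if op == "protect" and self.cryptoperiod_expired(at):
            return False                        # originator-usage period is over, even if still active
        if self.state is KeyState.COMPROMISED and not accept_risk:
            return False
        return True


def expire_if_due(key: KeyRecord, at: datetime) -> bool:
    """Deactivate an active key whose cryptoperiod has elapsed; returns True if a transition happened."""
    if key.state is KeyState.ACTIVE and key.cryptoperiod_expired(at):
        key.transition(KeyState.DEACTIVATED, "cryptoperiod elapsed", at)
        return True
    return False


def demo() -> List[str]:
    """Walk one constructed key (hypothetical id dek-0001) through its whole lifecycle."""
    t0 = datetime(2020, 5, 4, tzinfo=timezone.utc)
    k = KeyRecord("dek-0001", cryptoperiod=timedelta(days=365))
    k.transition(KeyState.ACTIVE, "approved for use", t0)
    k.transition(KeyState.SUSPENDED, "owner on leave", t0 + timedelta(days=30))
    k.transition(KeyState.ACTIVE, "owner returned", t0 + timedelta(days=45))
    expire_if_due(k, t0 + timedelta(days=400))
    k.transition(KeyState.COMPROMISED, "HSM backup leaked", t0 + timedelta(days=410))
    k.transition(KeyState.DESTROYED, "re-encryption complete", t0 + timedelta(days=420))
    return [f"{a.value} -> {b.value} ({r})" for a, b, r in k.history]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of separating `TRANSITIONS` from `USAGE` is that the two questions a key store must answer are different: "may this key move to that state?" and "may this key be used for this operation right now?". Keeping the originator-usage period inside `can_use` rather than only in `expire_if_due` means a key that a scheduler forgot to deactivate still stops applying protection on time.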

 
