NIST SP 800-130: Difference between revisions
m (2 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:02, 28 June 2018
Title: A Framework for Designing Cryptographic Key Management Systems
Category: Security Control Implementation Guide
Date: 4/1/2012
Creator: NIST
URL: http://csrc.nist.gov/publications/drafts/800-130/second-draft_sp-800-130_april-2012.pdf
Description: A set of documentation requirements that can be used to express the design of a cryptographic key
management system (CKMS). The CKMS is the policies, procedures, components and devices that together
provide the functionality of the CKMS. As with IETF RFC 3647, this is not a design or set of functional
requirements, but a framework for specifying requirements. The scope of a CKMS includes protection of
both cryptographic keys as well as the metadata associated with those keys, such as the digital identity
associated with the key. The link between a key and selected metadata elements is called a trusted
association, a traditional example of such a trusted association would be an X.509 digital certificate, which
links the subject identity with their public key in a trusted fashion.
Privacy: Contains functional requirements related to privacy, requiring the CKMS design to specify the support for the
anonymity, unlinkability and unobservability, when it is utilized and how it is technically achieved,
Security:
Interoperability: The purpose of the document is to provide a common means of specifying the design of a CKMS.
Terms: Active State, Algorithm Transition, Application, Archive (key/metadata), Associated Metadata, Association Function, Audit, Authoritative Time Source, Backup (key/metadata), Cryptographic Key Management System, CKMS Component, CKMS Device, CKMS Module, CKMS Profile, Commercial Off-the-shelf, Compromise, Compromised State, Cryptanalyze, Cryptographic Binding (binding), Cryptographic Boundary, Cryptographic Key, Cryptographic Key Management System, Cryptographic Module, Cryptographic Officer, Cryptography, Cryptoperiod, Deactivated State, Designer, Destroyed State, Destroyed Compromised State, Security Domain, Entity, Extensibility, Firewall, Formal Language, Framework, Garbled, Generate Key, Hardening, Hash Value, Identifier, Interoperability, Key Agreement, Key Confirmation, Key Entry, Key Establishment, Key Label, Key Life Cycle State, Key Output, Key Owner, Key Split, Key State Transition, Key Transport, Key Update, Key Wrapping, Least Privilege, Malware, Metadata, Metadata Element, Mode Of Operation, Parameters, Pre-activation State, Privacy, Profile, Qubit, Recover (key/metadata), Registration, Rekey, Renewal, Revoked State, Role, Rootkit, Router, Scalability, Scheme, Sector, Security Domain, Security Policy, Security Strength, Semantics, Standard, Store (key/metadata), Suspended State, Syntax, Trust, Trust Anchor, Trust Anchor Store, Trusted Association, Trusted Channel, Unlinkability, Unobservability, User, Validate