NIST SP 800-130

From IDESG Wiki
Jump to navigation Jump to search

Title: A Framework for Designing Cryptographic Key Management Systems


Category: Security Control Implementation Guide


Date: 4/1/2012


Creator: NIST


URL: http://csrc.nist.gov/publications/drafts/800-130/second-draft_sp-800-130_april-2012.pdf


Description: A set of documentation requirements that can be used to express the design of a cryptographic key management system (CKMS). The CKMS is the policies, procedures, components and devices that together provide the functionality of the CKMS. As with IETF RFC 3647, this is not a design or set of functional requirements, but a framework for specifying requirements. The scope of a CKMS includes protection of both cryptographic keys as well as the metadata associated with those keys, such as the digital identity associated with the key. The link between a key and selected metadata elements is called a trusted association, a traditional example of such a trusted association would be an X.509 digital certificate, which links the subject identity with their public key in a trusted fashion.


Privacy: Contains functional requirements related to privacy, requiring the CKMS design to specify the support for the anonymity, unlinkability and unobservability, when it is utilized and how it is technically achieved,


Security:


Interoperability: The purpose of the document is to provide a common means of specifying the design of a CKMS.


Terms: Active State, Algorithm Transition, Application, Archive (key/metadata), Associated Metadata, Association Function, Audit, Authoritative Time Source, Backup (key/metadata), Cryptographic Key Management System, CKMS Component, CKMS Device, CKMS Module, CKMS Profile, Commercial Off-the-shelf, Compromise, Compromised State, Cryptanalyze, Cryptographic Binding (binding), Cryptographic Boundary, Cryptographic Key, Cryptographic Key Management System, Cryptographic Module, Cryptographic Officer, Cryptography, Cryptoperiod, Deactivated State, Designer, Destroyed State, Destroyed Compromised State, Security Domain, Entity, Extensibility, Firewall, Formal Language, Framework, Garbled, Generate Key, Hardening, Hash Value, Identifier, Interoperability, Key Agreement, Key Confirmation, Key Entry, Key Establishment, Key Label, Key Life Cycle State, Key Output, Key Owner, Key Split, Key State Transition, Key Transport, Key Update, Key Wrapping, Least Privilege, Malware, Metadata, Metadata Element, Mode Of Operation, Parameters, Pre-activation State, Privacy, Profile, Qubit, Recover (key/metadata), Registration, Rekey, Renewal, Revoked State, Role, Rootkit, Router, Scalability, Scheme, Sector, Security Domain, Security Policy, Security Strength, Semantics, Standard, Store (key/metadata), Suspended State, Syntax, Trust, Trust Anchor, Trust Anchor Store, Trusted Association, Trusted Channel, Unlinkability, Unobservability, User, Validate