Content and Organization NIST Special Publication 800-63B

Key Management: General 4

1.5 Content and Organization

Part 1, General Guidance, contains basic key management guidance. It is intended to advise developers and system administrators on the best practices associated with key management.

• Section 1, Introduction, establishes the purpose, scope and intended audience of the Recommendation for Key Management.
• Section 2, Glossary of Terms and Acronyms, provides definitions of terms and acronyms used in this part of the Recommendation for Key Management. The reader should be aware that the terms used in this Recommendation might be defined differently in other documents.
• Section 3, Security Services, defines the security services that may be provided using cryptographic mechanisms.
• Section 4, Cryptographic Algorithms, provides background information regarding the cryptographic algorithms that use cryptographic keying material.
• Section 5, General Key Management Guidance, classifies the different types of keys and other cryptographic information according to their uses, discusses cryptoperiods and recommends appropriate cryptoperiods for each key type, provides recommendations and requirements for other keying material, introduces assurance of domain-parameter and public-key validity, discusses the implications of the compromise of keying material, and provides guidance on cryptographic algorithm strength selection implementation and replacement.
• Section 6, Protection Requirements for Cryptographic Information, specifies the protection that each type of information requires and identifies methods for providing this protection. These protection requirements are of particular interest to cryptographic module vendors and application implementers.
• Section 7, Key State and Transitions, identifies the states in which a cryptographic key may exist during its lifetime.
• Section 8, Key Management Phases and Functions, identifies four phases and a multitude of functions involved in key management. This section is of particular interest to cryptographic module vendors and developers of cryptographic infrastructure services.
• Section 9, Accountability, Audit, and Survivability, discusses three control principles that are used to protect the keying material identified in Section 5.1.
• Section 10, Key Management Specifications for Cryptographic Devices or Applications, specifies the content and requirements for key management specifications. Topics covered include the communications environment, component requirements, keying material storage, access control, accounting, and compromise recovery.

Appendices A and B are provided to supplement the main text where a topic demands a more detailed treatment. Appendix C contains a list of appropriate references, and Appendix D contains a list of changes since the originally published version of this document.

2 Glossary of Terms and Acronyms