The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has released a new draft practice guide to help organizations monitor incoming internet data for evidence of malware and insider threats while using the latest version of the TLS protocol.
NIST said Tuesday the document aims to help companies in finance, healthcare and other industries implement the TLS 1.3 encryption protocol update while maintaining compliance with network monitoring and auditing regulations.
“TLS 1.3 is an important encryption tool that brings increased security and will be able to support post-quantum cryptography,” explained Cherilyn Pascoe, director of the NCCoE.
The document was developed over the past several years at the NCCoE in collaboration with the Internet Engineering Task Force to provide technical methods for auditing incoming internet traffic while using TLS 1.3.
“This collaborative project focuses on ensuring that organizations can use TLS 1.3 to protect their data while meeting requirements for auditing and cybersecurity,” Pascoe said.
Comments on the draft practice guide are due April 1.
