Protecting Sensitive Information That is Transmitted Across Networks: NIST Guidance for Selecting and Using Transport Layer Security Implementations | NIST

The protection of sensitive information that is transmitted across interconnected networks is an essential part of an organization’s integrated program for the security of information and information systems. Management, operational, and technical controls are needed throughout the organization to protect information and information systems from threats of all kinds. New guidance recently issued by the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) helps federal and private sector organizations select and use technical controls at the transport layer of a layered communications protocol stack. Transport layer security (TLS) can be implemented and used effectively to authenticate network servers and clients, and to protect the confidentiality and integrity of data that is exchanged between two communicating information technology (IT) applications. Background on Transport Layer Security (TLS)