New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol

Home / Articles / External / Government

Transport Layer Security 1.3
The Transport Layer Security (TLS) protocol allows us to send data over the internet securely, protecting passwords and credit card numbers when we provide them to a site. A new practice guide will help industries perform required monitoring of incoming data for malware while using TLS 1.3, the protocol’s latest version (credit: N. Hanacek/NIST).

February 13, 2024 | Originally published by NIST on January 30, 2024

Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection but complicates the performance of these required data audits. The National Institute of Standards and Technology (NIST) has released a practice guide describing methods that are intended to help these industries implement TLS 1.3 and accomplish the required network monitoring and auditing in a safe, secure, and effective fashion.

The new draft practice guide, Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37), was developed over the past several years at the NIST National Cybersecurity Center of Excellence (NCCoE) with the extensive involvement of technology vendors, industry organizations and other stakeholders who participate in the Internet Engineering Task Force (IETF). The guidance offers technical methods to help businesses comply with the most up-to-date ways of securing data that travels over the public internet to their internal servers, while simultaneously adhering to financial industry and other regulations that require continuous monitoring and auditing of this data for evidence of malware and other cyberattacks.

Focus Areas