The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has released a draft practice guide to assist major industries in implementing TLS 1.3 [2], the latest internet security protocol [3]. This guide aims to enhance network traffic security by encrypting end-to-end communications and preventing eavesdropping and man-in-the-middle attacks [1].


TLS 1.3 provides advanced protection and supports post-quantum cryptography. It was developed in collaboration with the Internet Engineering Task Force and focuses on ensuring organizations can use TLS 1.3 to protect their data while meeting auditing and cybersecurity requirements [2]. The guide offers six techniques for accessing keys to monitor and audit data, allowing organizations to securely retain data on an internal server for forensic purposes [3]. The NCCoE has collaborated with technology providers like AppViewX to develop standards-compliant architectural models for real-time and post-facto systems monitoring and analytics capabilities [1]. This collaboration ensures that organizations can effectively monitor incoming internet data for malware and insider threats while still being able to audit and comply with network monitoring regulations.


The release of this draft practice guide has significant implications for major industries. By implementing TLS 1.3 [1] [2] [3], organizations can enhance their network traffic security and protect their data from eavesdropping and man-in-the-middle attacks. The guide also provides techniques for monitoring and auditing data, allowing organizations to comply with regulations while retaining data for forensic purposes. This collaboration between the NCCoE and technology providers like AppViewX ensures that organizations have access to standards-compliant architectural models for effective systems monitoring and analytics capabilities. The National Institute of Standards and Technology (NIST) is currently seeking public comments on the draft guide, indicating a commitment to continuous improvement and addressing industry needs. Overall, this guide serves as a valuable resource for organizations looking to strengthen their cybersecurity measures and protect their sensitive information.