Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

McKay, Kerry A.; Cooper, David A.

doi:10.6028/nist.sp.800-52r2

Cited by 21 publications

(21 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This practice guide implemented PR.DS-2 and PR.DS-P2 to ensure that data-in-transit are protected. HDOs connecting to cloud-hosted consoles used TLS 1.2 [26]. The telehealth platform provider assured implementation of PR.DS-3 and PR.DS-P3 for RPM biometric devices deployed to the patient home.…”

Section: Data Security (Prds and Prds-p)mentioning

confidence: 99%

Securing telehealth remote patient monitoring ecosystem

Cawthra¹,

Grayson²,

Pulivarti³

et al. 2022

View full text Add to dashboard Cite

Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased since the onset of the COVID-19 pandemic. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services. In collaboration with industry partners, the National Cybersecurity Center of Excellence (NCCoE) built a laboratory environment to demonstrate how HDOs can implement cybersecurity and privacy controls to enhance telehealth RPM resiliency. CHALLENGETelehealth RPM solutions deploy components across multiple infrastructure domains that are maintained uniquely. When HDOs deploy RPM solutions, those solutions implement architectures that distribute components across the HDO, telehealth platform providers, and patient homes. Each of these respective environments is managed by different groups of people, often with different sets of resources and technical capabilities. Risks are distributed across the solution architecture, and the methods by which one may mitigate those risks vary in complexity. While HDOs do not have the ability to manage and deploy privacy and cybersecurity controls unilaterally, they retain the responsibility to ensure that appropriate controls and risk mitigation are applied. This practice guide can help your organization: Identify risks associated with the solution architecture  Apply the NIST Privacy Framework to broaden understanding of risk  Assure that HDOs partner with appropriate telehealth platform providers to extend privacy and cybersecurity control deployment, management, and efficacy  Consider future technologies that augment data communications safeguards SOLUTIONTechnology solutions alone may not be sufficient to maintain privacy and security controls on external environments. This practice guide notes the involvement of people, process, and technology as necessary to implement a holistic risk mitigation strategy. When developing this practice guide, the NCCoE team applied risk assessment approaches to determine where risks may occur and used assessment processes to identify applicable controls.The NCCoE collaborated with healthcare, technology, and telehealth partners to build a distributed RPM solution. The RPM solution implemented controls that safeguard the HDO environment and documented approaches that the telehealth platform provider addresses. Telehealth platform providers assure that RPM components are isolated within the patient home environment. The telehealth platform provider assures end-to-end data security between the patient and the HDO.This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800-30.cybersecurity challenge we address, our approach to solving this challenge, and how the solution could benefit your organization.Technology, security, and privacy program managers who are concerned with how to identify, under...

show abstract

Section: Data Security (Prds and Prds-p)mentioning

confidence: 99%

Securing telehealth remote patient monitoring ecosystem

Cawthra¹,

Grayson²,

Pulivarti³

et al. 2022

View full text Add to dashboard Cite

show abstract

“…No caso deste trabalho houve o cuidado de se habilitar somente o protocolo TLS v1.2 ou acima (o protocolo TLS v1.3 ainda não é suportado pela maioria das bibliotecas disponíveis para o ESP32) e em não utilizar versões vulneráveis dos algoritmos de criptografia [24] [25].…”

Section: Conclus ãOunclassified

Comunicações seguras entre dispositivos IoT utilizando o ESP32

Rosa¹,

Teixeira²,

Júnior³

2022

View full text Add to dashboard Cite

show abstract

“…It is important that the secret is protected from interception by attackers. This can be done by a NIST-recommended authenticated protected channel, such as TLS [17].…”

Section: Memorized Secretsmentioning

confidence: 99%

(Draft) Identity as a Service for Public Safety Organizations

Fisher¹,

Brown²,

Russell³

et al. 2021

Preprint

View full text Add to dashboard Cite

There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

Cited by 21 publications

References 51 publications

Securing telehealth remote patient monitoring ecosystem

Securing telehealth remote patient monitoring ecosystem

Comunicações seguras entre dispositivos IoT utilizando o ESP32

(Draft) Identity as a Service for Public Safety Organizations

Contact Info

Product

Resources

About