Recommendation for Key-Derivation Methods in Key-Establishment Schemes: NIST SP 800-56C Aug 2017

FINAL Released April 2018

This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST SPs 800-56A or 800-56B. The first category consists of a family of one-step key-derivation functions, which derive keying material of a desired length from a shared secret generated during the execution of a key-establishment scheme (and possibly other information as well). The second category consists of an extraction-then-expansion key-derivation procedure, which involves two steps: 1) Randomness extraction, to obtain a single cryptographic key-derivation key from a shared secret generated during the execution of a key-establishment scheme, and 2) Key expansion, to derive keying material of the desired length from that key-derivation key and other information. Since NIST's SP 800-108] specifies several families of key-derivation functions that are approved for deriving additional keying material from a given cryptographic key-derivation key, those functions are employed in the second (key-expansion) step of these two-step procedures.

In addition to the key-derivation methods whose specifications are provided in this document, SP 800-135] describes several variants (of both the one-step and two-step methods) that are approved for specific applications.

A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com.

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems

NIST SP 1800-7 Situational Awareness for Electric Utilities

NISTIR 7628 Guidelines for Smart Grid Cybersecurity

DoD Energy Manager's Handbook

FEMP Operations & Maintenance Best Practices

UFC 4-020-01 DoD Security Engineering Facilities Planning Manual

UFC 4-021-02 Electronic Security Systems

GSA GSA Courtroom Technology Manual

Draft NISTIR 8179 Criticality Analysis Process Model

NISTIR 8144 Assessing Threats to Mobile Devices & Infrastructure

NISTIR 8151 Dramatically Reducing Software Vulnerabilities

NIST SP 800-183 Networks of 'Things'

NIST SP 800-184 Guide for Cybersecurity Event Recovery

UFC 4-021-02 Electronic Security Systems by Department of Defense

FC 4-141-05N Navy and Marine Corps Industrial Control Systems Monitoring Stations

UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings

UFC 4-020-01 DoD Security Engineering Facilities Planning Manual

UFC 3-430-08N Central Heating Plant

UFC 3-410-01 Heating, Ventilating, and Air Conditioning Systems

UFC 3-810-01N Navy and Marine Corps Environmental Engineering for Facility Construction

UFC 3-730-01 Programming Cost Estimates for Military Construction

UFC 1-200-02 High-Performance and Sustainable Building Requirements

UFC 3-301-01 Structural Engineering

UFC 3-430-02FA Central Steam Boiler Plants

UFC 3-430-11 Boiler Control Systems