NIST's current standard calls for federal agencies to support Transport Layer 1.0 encryption, but the updated version is going to require TLS 1.1 and 1.2, says Tim Polk, computer scientist and group manager for NIST's cryptology technology group. Since websites and browsers support secure communications through TLS, government agencies that haven't already moved to TLS 1.1 and 1.2 need to be aware that they are going to have to in the future, Polk advises.

NEWS:

The new federal government standard, when finalized -- this typically occurs within six months of the release of a draft for public review -- will make it clear there's a time frame that websites and browsers should be up to date. On new requirements.

"Older Web servers probably don't support ," says Polk. He adds that there are probably some agencies that will need to have to acquire new Web products to support up-to-date TLS. NIST's document expected to be published in September on all this is tentatively entitled "Guidelines for Selection, Configuration and Use of Transport Layer Security Implementations."

The phrase "SSL" technology rather than "TLS" is still often heard, although SSL is a misnomer harking back to the old tech days of Netscape's SSL invention. TLS implementations in older Web servers and browsers are more subject to certain cyberattacks, and that's one main reason to support up-to-date TLS, Polk says.