Standards & Compliance

The Baseline Requirements define the minimum standards every publicly-trusted CA must follow for TLS certificate issuance. Here's what they mandate, how they're enforced, and what happens when CAs violate them.

HIPAA requires encryption as an 'addressable' safeguard for protected health information. Here's what that actually means, what NIST standards apply, and where healthcare organizations fail on encryption.

KMIP standardizes how applications communicate with key management systems for creating, storing, and retrieving cryptographic keys. Here's how it works, what operations it supports, and where it fits in enterprise key management.

NIST SP 800-57 defines how cryptographic keys should be managed throughout their lifecycle: generation, use, rotation, and destruction. Here's what it recommends, what crypto-periods mean, and how it applies to certificate and key management.

PCI DSS mandates encryption for cardholder data in transit and at rest. Here's what the standard requires for TLS, key management, and certificate handling, and where organizations fail audits.

FIPS 140 defines security requirements for cryptographic modules (HSMs, software libraries, hardware tokens). Here's what the levels mean, when you need it, and what FIPS compliance actually requires operationally.

PKCS defines formats and interfaces for cryptographic operations: PKCS#7 for signed/encrypted data, PKCS#11 for HSM access, PKCS#12 for key+cert bundles. Here's what each standard does and where you encounter them.

X.509 defines the format for digital certificates used in TLS, code signing, email encryption, and PKI. Here's what's inside an X.509 certificate, how extensions work, and where format issues cause failures.