top of page



New US Digital Certificates Best Practices

NIST Practice Guide includes Taproot Security recommendations

Saint Paul, MN, June 17, 2020 –

A new US Practice Guide governing TLS certificate management (SP1800-16) was finalized and published today. It was created by the National Institute of Standards & Technology (NIST) in partnership with security vendors and experts. It incorporates suggestions provided by Taproot Security in 2019.

"I congratulate NIST on completing this important work," said Taproot Security founder Mike McCormick. "TLS (previously known as SSL) is the backbone of security and privacy on the Internet, and digital certificates are the foundation of TLS. If they are managed improperly, TLS fails, while still giving users a false sense of security (e.g., browser padlock icon)."


The NIST announcement can be found at


​About Taproot Security


Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit




To learn more about this announcement, please contact

Michael McCormick

Founder & President

Taproot Security, LLC


- END -

bottom of page