C. References

C. References#

[1] T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, Internet Engineering Task Force (IETF) Request for Comments (RFC) 5246, August 2008 (Updated October 2015). Available at https://datatracker.ietf.org/doc/rfc5246/

[2] E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, Internet Engineering Task Force (IETF) Request for Comments (RFC) 8446, August 2018. Available at https://datatracker.ietf.org/doc/rfc8446/

[3] B. Carpenter and S. Brim, Middleboxes: Taxonomy and Issues, Internet Engineering Task Force (IETF) Request for Comments (RFC) 3234, February 2002. Available at https://datatracker.ietf.org/doc/rfc3234

[4] Center for Cybersecurity Policy and Law, Enterprise Data Center Transparency and Security Workshop Report, November 2019. Available at https://www.centerforcybersecuritypolicy.org/insights-and-research/enterprise-data-center-transparency-and-security-workshop-summary-report

[5] National Institute of Standards and Technology, Virtual Workshop on Challenges with Compliance, Operations, and Security with TLS 1.3, September 2020. Available at https://www.nccoe.nist.gov/get-involved/attend-events/virtual-workshop-challenges-compliance-operations-and-security-tls-13

[6] Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman, Specification for DNS over Transport Layer Security (TLS), Internet Engineering Task Force (IETF) Request for Comments (RFC) 7858, May 2016. Available at https://datatracker.ietf.org/doc/rfc7858/

[7] P. Hoffman and P. McManus, DNS Queries over HTTPS (DoH), Internet Engineering Task Force (IETF) Request for Comments (RFC) 8484, October 2018. Available at https://datatracker.ietf.org/doc/rfc8484/

[8] C. Huitema, S. Dickinson, and A. Mankin, DNS over Dedicated QUIC Connections, Internet Engineering Task Force (IETF) Request for Comments (RFC) 9250, May 2022. Available at https://datatracker.ietf.org/doc/rfc9250/

[9] Joint Task Force Transformation Initiative, Guide for Conducting Risk Assessments, NIST Special Publication (SP) 800-30 Revision 1, September 2012. https://doi.org/10.6028/NIST.SP.800-30r1

[10] E. Barker and A. Roginsky, Transitioning the Use of Cryptographic Algorithms and Key Lengths, NIST Special Publication (SP) 800-131A Revision 2, March 2019. https://doi.org/10.6028/NIST.SP.800-131Ar2

[11] K. McKay and D. Cooper, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, NIST Special Publication (SP) 800-52 Revision 2, August 2019. https://doi.org/10.6028/NIST.SP.800-52r2

[12] C. Bartle and N. Aviram, Deprecating Obsolete Key Exchange Methods in TLS 1.2, Internet Engineering Task Force (IETF), March 2023. Available at https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-02.html

[13] R. Salz and N. Aviram, TLS 1.2 is Frozen, Internet Engineering Task Force (IETF), June 2023. Available at https://www.ietf.org/archive/id/draft-rsalz-tls-tls12-frozen-01.html

[14] S. Rose, O. Borchert, S. Mitchell, and S. Connelly, Zero Trust Architecture, NIST Special Publication (SP) 800-207, August 2020. https://doi.org/10.6028/NIST.SP.800-207

[15] Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, National Institute of Standards and Technology (NIST), April 2018. https://doi.org/10.6028/NIST.CSWP.6

[16] Joint Task Force, Security and Privacy Controls for Information Systems and Organizations, NIST Special Publication (SP) 800-53 Revision 5, September 2020. https://doi.org/10.6028/NIST.SP.800-53r5

[17] U.S. Department of Commerce, Security Requirements for Cryptographic Modules, Federal Information Processing Standard (FIPS) 140-3, March 2019. https://doi.org/10.6028/NIST.FIPS.140-3

[18] C. Paulson and R. Byers, Glossary of Key Information Security Terms, National Institute of Standards and Technology Interagency Report (NISTIR) 7298 Rev. 3, July 2019. https://doi.org/10.6028/NIST.IR.7298r3

[19] R. Shirey, Internet Security Glossary, Version 2, Internet Engineering Task Force (IETF) Request for Comments (RFC) 4949, August 2007. Available at https://datatracker.ietf.org/doc/rfc4949/

[20] K. Scarfone, M. Souppaya, and M. Fagan, Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings National Institute of Standards and Technology Interagency Report (NISTIR) 8477, February 2024. https://doi.org/10.6028/NIST.IR.8477