.. _References:

C. References 
^^^^^^^^^^^^^^^^^^^^^^

**[1]** T. Dierks and E. Rescorla, *The Transport Layer Security (TLS)
Protocol Version 1.2*, Internet Engineering Task Force (IETF) Request
for Comments (RFC) 5246, August 2008 (Updated October 2015). Available
at https://datatracker.ietf.org/doc/rfc5246/

.. _tls1_3rfc:
**[2]** E. Rescorla, *The Transport Layer Security (TLS) Protocol Version
1.3*, Internet Engineering Task Force (IETF) Request for Comments (RFC)
8446, August 2018. Available at
https://datatracker.ietf.org/doc/rfc8446/

.. _rfc3234:
**[3]** B. Carpenter and S. Brim, *Middleboxes: Taxonomy and Issues*,
Internet Engineering Task Force (IETF) Request for Comments (RFC) 3234,
February 2002. Available at https://datatracker.ietf.org/doc/rfc3234

.. _ccpl_workshop:
**[4]** Center for Cybersecurity Policy and Law, Enterprise Data Center
Transparency and Security Workshop Report, November 2019. Available at
https://www.centerforcybersecuritypolicy.org/insights-and-research/enterprise-data-center-transparency-and-security-workshop-summary-report

.. _workshop:
**[5]** National Institute of Standards and Technology, *Virtual Workshop on
Challenges with Compliance, Operations, and Security with TLS 1.3*,
September 2020. Available at
https://www.nccoe.nist.gov/get-involved/attend-events/virtual-workshop-challenges-compliance-operations-and-security-tls-13

.. _rfc7858:
**[6]** Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman,
*Specification for DNS over Transport Layer Security (TLS)*, Internet
Engineering Task Force (IETF) Request for Comments (RFC) 7858, May 2016.
Available at https://datatracker.ietf.org/doc/rfc7858/

.. _rfc8484:
**[7]** P. Hoffman and P. McManus, *DNS Queries over HTTPS (DoH)*, Internet
Engineering Task Force (IETF) Request for Comments (RFC) 8484, October
2018. Available at https://datatracker.ietf.org/doc/rfc8484/

.. _rfc9250:
**[8]** C. Huitema, S. Dickinson, and A. Mankin, *DNS over Dedicated QUIC
Connections*, Internet Engineering Task Force (IETF) Request for
Comments (RFC) 9250, May 2022. Available at
https://datatracker.ietf.org/doc/rfc9250/

.. _SP800_30:
**[9]** Joint Task Force Transformation Initiative, *Guide for Conducting
Risk Assessments*, NIST Special Publication (SP) 800-30 Revision 1,
September 2012. https://doi.org/10.6028/NIST.SP.800-30r1

.. _SP800_131A:
**[10]** E. Barker and A. Roginsky, *Transitioning the Use of Cryptographic
Algorithms and Key Lengths*, NIST Special Publication (SP) 800-131A
Revision 2, March 2019. https://doi.org/10.6028/NIST.SP.800-131Ar2

.. _SP800_52:
**[11]** K. McKay and D. Cooper, *Guidelines for the Selection,
Configuration, and Use of Transport Layer Security (TLS)
Implementations*, NIST Special Publication (SP) 800-52 Revision 2,
August 2019. https://doi.org/10.6028/NIST.SP.800-52r2

.. _deprecating:
**[12]** C. Bartle and N. Aviram, *Deprecating Obsolete Key Exchange Methods
in TLS 1.2*, Internet Engineering Task Force (IETF), March 2023.
Available at
https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-02.html

.. _frozen:
**[13]** R. Salz and N. Aviram, *TLS 1.2 is Frozen,* Internet Engineering
Task Force (IETF), June 2023. Available at
https://www.ietf.org/archive/id/draft-rsalz-tls-tls12-frozen-01.html

.. _SP207:
**[14]** S. Rose, O. Borchert, S. Mitchell, and S. Connelly, *Zero Trust
Architecture*, NIST Special Publication (SP) 800-207, August 2020.
https://doi.org/10.6028/NIST.SP.800-207

.. _csf:
**[15]** *Framework for Improving Critical Infrastructure Cybersecurity*,
Version 1.1, National Institute of Standards and Technology (NIST),
April 2018. https://doi.org/10.6028/NIST.CSWP.6

.. _SP800_53:
**[16]** Joint Task Force, *Security and Privacy Controls for Information
Systems and Organizations*, NIST Special Publication (SP) 800-53
Revision 5, September 2020. https://doi.org/10.6028/NIST.SP.800-53r5

**[17]** U.S. Department of Commerce, *Security Requirements for
Cryptographic Modules*, Federal Information Processing Standard (FIPS)
140-3, March 2019. https://doi.org/10.6028/NIST.FIPS.140-3

.. _nist_glossary:
**[18]** C. Paulson and R. Byers, *Glossary of Key Information Security
Terms*, National Institute of Standards and Technology Interagency
Report (NISTIR) 7298 Rev. 3, July 2019.
https://doi.org/10.6028/NIST.IR.7298r3

.. _ietf_terms:
**[19]** R. Shirey, *Internet Security Glossary*, *Version 2,* Internet
Engineering Task Force (IETF) Request for Comments (RFC) 4949, August
2007. Available at https://datatracker.ietf.org/doc/rfc4949/

.. _8477:
**[20]** K. Scarfone, M. Souppaya, and M. Fagan, *Mapping Relationships
Between Documentary Standards, Regulations, Frameworks, and Guidelines:
Developing Cybersecurity and Privacy Concept Mappings* National Institute
of Standards and Technology Interagency Report (NISTIR) 8477, February 
2024. https://doi.org/10.6028/NIST.IR.8477