
NIST opens comment period on SP 800-52 Rev. 2 TLS guidelines

The real question isn't TLS 1.3 alignment; it's whether NIST will demote TLS 1.2 from required to optional, a decision that sets the pace of cryptography deprecation across CMMC-tied frameworks.


TL;DR

NIST's Crypto Publication Review Board opened a public comment period through July 10, 2026 on SP 800-52 Rev. 2 (2019), its TLS implementation guidance. The revision targets alignment with IETF TLS 1.3 drafts, but the consequential question is whether NIST will downgrade server-side TLS 1.2 support from "should" to "may." Contractors, primes, MSPs, and C3PAOs with federal TLS configurations should comment now: the outcome will shape compatibility windows across 800-172 and CMMC controls.

NIST published the comment solicitation on May 7, 2026, flagging three specific areas where it wants feedback beyond general revision input. The most operationally significant: whether servers should continue to be required to support TLS 1.2, or whether that language should soften to permissive. That shift from "should" to "may" would not mandate removing TLS 1.2 support, but it would strip the protection organizations have relied on when legacy system inventories make an immediate TLS 1.3 cutover impossible.

What the revision targets

The 2019 version of SP 800-52 Rev. 2 predates the broad deployment of TLS 1.3. NIST's Crypto Publication Review Board now intends to align the publication with current IETF TLS 1.3 drafts, a straightforward modernization. The trickier signal is the board's explicit question about conditional allowances for TLS 1.0 and TLS 1.1 in backward-compatibility scenarios. The solicitation does not propose specific conditions or audit requirements; it asks whether any compelling reason exists. That framing is cautious, but the question being asked at all suggests NIST has not foreclosed the option.

Who feels this Monday

Federal contractors and their subcontractors who have mapped TLS configurations to SP 800-52 Rev. 2 as part of CMMC Level 2 or Level 3 assessments will want to monitor this closely. C3PAOs conducting assessments against 800-171 Rev. 3 controls tied to cryptographic protection (SC.3.177 and related) will need to track how the revised publication intersects with current assessment objectives. MSPs managing federal clients on legacy infrastructure face the clearest exposure: a narrowed compatibility window for TLS 1.2 could force re-architecting before their contract cycles allow for it.

The comment window closes July 10, 2026. Submissions go to cryptopubreviewboard@nist.gov with "Comments on SP 800-52 Rev. 2" in the subject line. Responses will be posted publicly after the deadline, with contact information removed.


Deep Fathom