Industry Standards Guide from NIST Special Publication 800-57
An Architectural Decision must be made to determine the appropriate method to protect data when it is being transmitted. The most common options available are Virtual Private Networks (VPN) or a SSL/TLS model commonly used by web applications. The selected model is determined by the business needs of the particular organization. For example, a VPN connection may be the best design for a partnership between two companies that includes mutual access to a shared server over a variety of protocols. Conversely, an Internet facing enterprise web application would likely be best served by a SSL/TLS model.
To create an enterprise architecture standard for implementing TLS certificates based on NIST standards.
Standard
https://raw.githubusercontent.com/solventarchitect/diagrams/main/Visio/TLS-Certificate-Pattern.vsdx
Cox Enterprises Inc.