CryptographyNIST seeking comments on its cryptographic standards process

Published 26 February 2014

As part of a review of its cryptographic standards development process, NIST said it was seeking public comment on a new draft document that describes how the agency develops those standards. In November 2013, NIST announced it would review its cryptographic standards development process after concerns were raised about the security of a cryptographic algorithm in NIST Special Publication 800-90 (2006) an its updated version, 800-90A (2007).

As part of a review of its cryptographic standards development process, the National Institute of Standards and Technology (NIST) said it was seeking public comment on a new draft document that describes how the agency develops those standards. NIST Cryptographic Standards and Guidelines Development Process (NIST IR 7977) outlines the principles, processes, and procedures of NIST’s cryptographic standards efforts.

NIST is responsible for developing standards, guidelines, tools, and metrics to protect non-national security federal information systems. The agency says that to ensure it provides high-quality, cost-effective security mechanisms, it works closely with a broad stakeholder community to select, define, and promulgate its standards and guidelines.

In November 2013, NIST announced it would review its cryptographic standards development process after concerns were raised about the security of a cryptographic algorithm in NIST Special Publication 800-90, which was originally published in 2006 (an updated version, 800-90A, was published in 2007). Based on those concerns, that publication was re-issued in September 2013 for a new period of public review and is being revised to address comments received.

With the draft NIST IR 7977, NIST is seeking feedback on how it develops its documents; engages experts in industry, academia, and government; and communicates with stakeholders.

NIST will post public comments used to create a revised document on its Web site. NIST will then review its existing standards and guidelines to ensure they adhere to the principles laid out in NIST IR 7977. “If any issues are found,” said NIST’s Donna Dodson, who oversees the process, “they will be addressed as quickly as possible.”

The draft version of NIST IR 7977 and questions for reviewers can be found in the Computer Security Resource Center. Comments may be submitted to crypto-review@nist.gov by 18 April 2014.

See also: