[Cryptography] NIST asks for comment on its crypto standards processes

ianG iang at iang.org
Mon Feb 24 05:09:49 EST 2014


As part of a review of its cryptographic standards development process,
the National Institute of Standards and Technology (NIST) is requesting
public comment on a new draft document that describes how the agency
develops those standards. NIST Cryptographic Standards and Guidelines
Development Process (NIST IR 7977) outlines the principles, processes
and procedures of NIST's cryptographic standards efforts.


NIST is responsible for developing standards, guidelines, tools and
metrics to protect non-national security federal information systems. To
ensure it provides high-quality, cost-effective security mechanisms,
NIST works closely with a broad stakeholder community to select, define
and promulgate its standards and guidelines.

In November 2013, NIST announced it would review its cryptographic
standards development process after concerns were raised about the
security of a cryptographic algorithm in NIST Special Publication
800-90, which was originally published in 2006 (an updated version,
800-90A, was published in 2007). Based on those concerns, that
publication was re-issued in September 2013 for a new period of public
review and is being revised to address comments received.

With the draft NIST IR 7977, NIST is seeking feedback on how it develops
its documents; engages experts in industry, academia and government; and
communicates with stakeholders. Public comments will be posted on the
NIST website and used to create a revised document. NIST will then
review its existing standards and guidelines to ensure they adhere to
the principles laid out in NIST IR 7977. "If any issues are found," said
NIST's Donna Dodson, who oversees the process, "they will be addressed
as quickly as possible."

The draft version of NIST IR 7977 and questions for reviewers can be
found in the Computer Security Resource Center at http://csrc.nist.gov/.
Comments may be submitted to crypto-review at nist.gov by April 18, 2014.

More information about the cryptography mailing list