Cryptographic Standard Document Released

Wednesday, April 6, 2016 @ 11:04 AM gHale


The final version of a document outlining the process for developing cryptographic standards and guidelines has just been released.

NIST Cryptographic Standards and Guidelines Development Process (NISTIR 7977) is part of the National Institute of Standards and Technology’s (NIST) effort to ensure an understood and participatory process for developing cryptography, the technology used to store and transmit data in a particular form so that it can be read or processed only by the intended recipient.

“Our goal is to develop strong and effective cryptographic standards and guidelines that are broadly accepted and trusted by our stakeholders,” said Donna Dodson, NIST’s chief cyber security advisor and its Information Technology Laboratory’s associate director for cyber security. “While our primary stakeholder is the federal government, our work has global reach across the public and private sectors. We want a process that results in standards and guidelines that can be used to secure information systems worldwide.”

Dodson first said NIST would review its processes for developing cryptographic standards and guidelines in November 2013, following news reports calling the process into question.

The document includes nine principles that guide NIST’s efforts in creating strong cryptography, including transparency, openness, balance, technical merit and global acceptability.

The “global acceptability” principle added into this final draft is in response to public comments and reflects the global nature of today’s commerce. The document also explains the different types of cryptographic publications NIST releases and how they are made available for public review, as well as how they are managed over their lifecycle.

The document describes NIST’s primary cryptographic stakeholders as the federal agencies and their suppliers, but says NIST “considers its stakeholder community for cryptographic standards, guidelines, tools and metrics to be much broader.”

NIST acknowledges the “possibility for tension between NIST’s mission to promulgate the use of strong cryptography, and the law enforcement and national security missions of other agencies,” and says it makes independent decisions and is committed to using open and transparent processes.

NISTIR 7977 also emphasizes the importance of NIST having “access to the most recent and relevant expertise regarding cryptography,” as well as its commitment to ensuring that its internal capabilities are strong and effective and that it collaborates with the broader cryptographic research community.
