Cybersecurity

Draft language signals more transparent NIST

digital key

The National Institute of Standards and Technology has released new guidance on cryptographic standards that officials hope will begin to earn back the trust of the cyber community and  general public after leaked classified documents in September showed the National Security Agency subverted NIST-adopted computer encryption standards.

NIST has spent the past six months on the defensive, offering few public comments from officials and a few embarrassing recommendations – including one advising against using its own Special Publication (SP) 800-90A.

On Feb. 20, NIST released draft guidance of a document that, if adopted, would further formalize NIST’s claims of transparency and openness into policy.

The draft guidance, titled “NIST Cryptographic Standards and Guidelines Development Process,” puts an emphasis on transparency, openness, technical merit, balance and integrity. It also calls for all stakeholders in the private sector, academia and the public at large to have access to “essential information” regarding standards-related activities and venues, with a commitment from NIST to be transparent during the development and documentation of cryptographic standards. Selection and evaluation criteria, specifications, security and performance characteristics and other standards development-related information must be made transparent to all stakeholders, the document states.

The draft guidance makes clear that NIST will continue to work with the NSA for two reasons:  because of the NSA’s “vast expertise in cryptography,” and because NIST is statutorily obligated to consult with the NSA on standards under the Federal Information Security Management Act of 2002.

NIST is asking for public feedback on its released draft guidance by April 18. The revised publication will “serve as the basis for NIST’s future standards development process.”

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected