Cybersecurity

Draft language signals more transparent NIST

digital key

The National Institute of Standards and Technology has released new guidance on cryptographic standards that officials hope will begin to earn back the trust of the cyber community and  general public after leaked classified documents in September showed the National Security Agency subverted NIST-adopted computer encryption standards.

NIST has spent the past six months on the defensive, offering few public comments from officials and a few embarrassing recommendations – including one advising against using its own Special Publication (SP) 800-90A.

On Feb. 20, NIST released draft guidance of a document that, if adopted, would further formalize NIST’s claims of transparency and openness into policy.

The draft guidance, titled “NIST Cryptographic Standards and Guidelines Development Process,” puts an emphasis on transparency, openness, technical merit, balance and integrity. It also calls for all stakeholders in the private sector, academia and the public at large to have access to “essential information” regarding standards-related activities and venues, with a commitment from NIST to be transparent during the development and documentation of cryptographic standards. Selection and evaluation criteria, specifications, security and performance characteristics and other standards development-related information must be made transparent to all stakeholders, the document states.

The draft guidance makes clear that NIST will continue to work with the NSA for two reasons:  because of the NSA’s “vast expertise in cryptography,” and because NIST is statutorily obligated to consult with the NSA on standards under the Federal Information Security Management Act of 2002.

NIST is asking for public feedback on its released draft guidance by April 18. The revised publication will “serve as the basis for NIST’s future standards development process.”

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.