In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.
NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the worldwide cryptography community to help us develop and vet algorithms included in our cryptographic guidance. NIST endeavors to promote confidence in our cryptographic guidance through these inclusive and transparent development processes, which we believe are the best in use.
Trust is crucial to the adoption of strong cryptographic algorithms. To ensure that our guidance has been developed according the highest standard of inclusiveness, transparency and security, NIST initiated a formal review of our standards development efforts. We documented our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process. NIST solicited public input on this process through two public comment periods in February 2014 and January 2015. Revised processes and procedures were finalized in March 2016 as NISTIR 7977.
At the request of the NIST Director, the Visiting Committee on Advanced Technology (VCAT) conducted a review of NIST's cryptographic standards and guidelines development process. The VCAT convened a blue ribbon panel of experts called the Committee of Visitors (COV) and asked each expert to review the process and provide individual reports of their conclusions and recommendations. The VCAT issued their report in July 2014, and their recommendations were incorporated in the process and procedures documented in NISTIR 7977.
Our mission is to protect the nation’s IT infrastructure and information through strong cryptography. We cannot carry out that mission without the trust and assistance of the world’s cryptographic experts. We’re committed to continually earning that trust.
March 31, 2016
NIST announces the release of NIST Interagency Report (NISTIR) 7977, Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts.
Background:
This document is the result of a NIST-initiated review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines. The first draft of NIST IR 7977 was released in February 2014 for public comment. This draft was revised based on the public comments received, as well as the recommendations from an independent review committee convened by NIST’s Visiting Committee on Advanced Technology (VCAT). A second draft of NIST IR 7977 which incorporated those revisions was released for public comment in January 2015.
NISTIR 7977 will serve as the basis to guide NIST’s future cryptographic standards and guidelines activities. It will be reviewed and updated every five years, or more frequently if a need arises, to help ensure that NIST fulfills its role and responsibilities for producing robust, effective cryptographic standards and guidelines.
The NIST Public Affairs Office posted a press release on the final publication of NISTIR 7977.
January 23, 2015
Summary:
NIST requests comments on a revised draft (second public draft) report on NISTIR 7977, NIST Cryptographic Standards and Guidelines Development Process. This revised document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send comments to crypto-review@nist.gov by March 27, 2015.
Background:
This draft results from a NIST-initiated review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines.
It reflects NIST’s response to comments received on a February 2014 draft.
We solicited public comments on this revised draft to obtain further feedback on the principles and mechanisms we use to engage stakeholders and experts in industry, academia and government to develop these standards. The NIST Public Affairs Office posted a press release on the revised draft.
Note to Reviewers:
NIST requests comments especially on the following:
February 18, 2014
Summary:
NIST requests comments on FIRST Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send questions to crypto-review@nist.gov.
Background:
In November 2013, NIST initiated a review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines.
To enable this review, we have compiled information about the principles, processes and procedures that drive our cryptographic standards development efforts to help the public understand how we develop our standards. This information is being published in draft NISTIR 7977, NIST Cryptographic Standards and Guidelines Development Process. We are soliciting public comments on this draft NIST IR to obtain feedback on the mechanisms we use to engage experts in industry, academia and government to develop these standards.
The revised NISTIR 7977 will also serve as the basis for a review of our existing body of cryptographic work. We will examine the procedures used to develop each of our cryptographic standards or guidelines to ensure they were developed in accordance with the principles outlined in NISTIR 7977. If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible, taking into consideration the process used to develop the guidance and a technical review of the affected cryptographic algorithms or schemes.
Note to Reviewers:
As part of your review of NISTIR 7977, we request comments on the following topics: